Lucene search

K

Data Center Network Manager Security Vulnerabilities

cve
cve

CVE-2024-20348

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this...

7.5CVSS

7AI Score

0.0004EPSS

2024-04-03 05:15 PM
52
cve
cve

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-04-03 05:15 PM
44
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2906
In Wild
cve
cve

CVE-2013-5487

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID...

6.7AI Score

0.066EPSS

2022-10-03 04:14 PM
35
cve
cve

CVE-2013-1196

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network...

6.3AI Score

0.0004EPSS

2022-10-03 04:14 PM
20
cve
cve

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

5.9CVSS

7.5AI Score

0.966EPSS

2021-12-18 12:15 PM
752
In Wild
4
cve
cve

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....

10CVSS

9.8AI Score

0.976EPSS

2021-12-10 10:15 AM
3635
In Wild
399
cve
cve

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option......

8.3CVSS

8.5AI Score

0.013EPSS

2021-07-21 03:15 PM
157
9
cve
cve

CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and...

8.8CVSS

8.4AI Score

0.004EPSS

2021-05-18 12:15 PM
326
16
cve
cve

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS

7AI Score

0.014EPSS

2021-05-14 08:15 PM
374
In Wild
11
cve
cve

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path...

4.8CVSS

5.5AI Score

0.002EPSS

2021-04-13 07:15 AM
341
In Wild
26
cve
cve

CVE-2021-1249

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For...

6.5CVSS

5.3AI Score

0.001EPSS

2021-01-20 09:15 PM
38
3
cve
cve

CVE-2021-1247

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this...

8.8CVSS

9AI Score

0.003EPSS

2021-01-20 09:15 PM
47
3
cve
cve

CVE-2021-1250

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For...

6.5CVSS

5.3AI Score

0.001EPSS

2021-01-20 09:15 PM
35
2
cve
cve

CVE-2021-1248

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this...

8.8CVSS

7.9AI Score

0.003EPSS

2021-01-20 09:15 PM
37
1
cve
cve

CVE-2021-1135

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...

4.6CVSS

4.7AI Score

0.001EPSS

2021-01-20 09:15 PM
35
1
cve
cve

CVE-2021-1276

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...

7.5CVSS

6.3AI Score

0.001EPSS

2021-01-20 08:15 PM
26
2
cve
cve

CVE-2021-1277

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...

7.5CVSS

6.3AI Score

0.001EPSS

2021-01-20 08:15 PM
29
2
cve
cve

CVE-2021-1286

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For...

6.5CVSS

6AI Score

0.002EPSS

2021-01-20 08:15 PM
26
3
cve
cve

CVE-2021-1283

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is....

5.5CVSS

5AI Score

0.0004EPSS

2021-01-20 08:15 PM
33
2
cve
cve

CVE-2021-1272

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation....

8.8CVSS

8.7AI Score

0.002EPSS

2021-01-20 08:15 PM
31
5
cve
cve

CVE-2021-1269

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this.....

6.3CVSS

6.3AI Score

0.001EPSS

2021-01-20 08:15 PM
35
3
cve
cve

CVE-2021-1270

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this.....

6.5CVSS

6.4AI Score

0.001EPSS

2021-01-20 08:15 PM
26
4
cve
cve

CVE-2021-1133

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...

7.3CVSS

7.1AI Score

0.001EPSS

2021-01-20 08:15 PM
34
2
cve
cve

CVE-2021-1253

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For...

6.5CVSS

5.3AI Score

0.001EPSS

2021-01-20 08:15 PM
30
3
cve
cve

CVE-2021-1255

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...

5.4CVSS

5.5AI Score

0.001EPSS

2021-01-20 08:15 PM
25
1
cve
cve

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
226
7
cve
cve

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
222
6
cve
cve

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.004EPSS

2021-01-07 12:15 AM
223
16
cve
cve

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
226
12
cve
cve

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
219
6
cve
cve

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
208
6
cve
cve

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
212
7
cve
cve

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
213
5
cve
cve

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
214
6
cve
cve

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
204
7
cve
cve

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
214
4
cve
cve

CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory.....

3.3CVSS

5.2AI Score

0.001EPSS

2020-12-10 11:15 PM
693
18
cve
cve

CVE-2020-1971

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves...

5.9CVSS

5.5AI Score

0.004EPSS

2020-12-08 04:15 PM
722
39
cve
cve

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data...

7.5CVSS

7.3AI Score

0.004EPSS

2020-12-03 05:15 PM
287
17
cve
cve

CVE-2020-8669

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network...

6.5CVSS

6.1AI Score

0.001EPSS

2020-11-12 07:15 PM
28
cve
cve

CVE-2020-12347

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network...

8.8CVSS

8.7AI Score

0.001EPSS

2020-11-12 07:15 PM
27
cve
cve

CVE-2020-12353

Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network...

6.5CVSS

6.2AI Score

0.001EPSS

2020-11-12 07:15 PM
27
cve
cve

CVE-2020-12349

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network...

6.5CVSS

6.1AI Score

0.001EPSS

2020-11-12 07:15 PM
22
cve
cve

CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit...

6.5CVSS

6.9AI Score

0.003EPSS

2020-09-04 12:15 AM
379
2
cve
cve

CVE-2020-3523

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management...

6.5CVSS

5.2AI Score

0.001EPSS

2020-08-26 05:15 PM
20
cve
cve

CVE-2020-3520

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any...

5.5CVSS

5.2AI Score

0.0004EPSS

2020-08-26 05:15 PM
21
cve
cve

CVE-2020-3521

A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker....

6.5CVSS

6.3AI Score

0.002EPSS

2020-08-26 05:15 PM
21
cve
cve

CVE-2020-3518

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the...

6.5CVSS

5.2AI Score

0.001EPSS

2020-08-26 05:15 PM
20
cve
cve

CVE-2020-3519

A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An...

8.1CVSS

7.9AI Score

0.001EPSS

2020-08-26 05:15 PM
24
Total number of security vulnerabilities114