50 matches found

NVD
added 2019/05/31 3:29 p.m. | 32 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS 9.9 | AI score 9.6 | EPSS 0.01938
Exploits: 0 | References: 5

OSV
added 2019/05/31 3:29 p.m. | 23 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS 9.9 | AI score 6.9
Exploits: 0 | References: 5

Veracode
added 2019/05/02 6:30 a.m. | 24 views

Denial Of Service (DoS)

CloudForms Management Engine (cfme) is vulnerable to denial of service (DoS) attacks. An attacker is able to execute arbitrary methods via filtering on VMs that MiqExpression will execute, triggerable by API users. An attacker could use this flaw to crash the application...

CVSS 8.8 | AI score 8.6 | EPSS 0.01703
Exploits: 0 | References: 217 | Affected Software: 5

Prion
added 2018/07/26 1:29 p.m. | 23 views

Privilege escalation

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...

CVSS 6.5 | AI score 8.8 | EPSS 0.01703
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2018/06/19 9:00 p.m. | 21 views

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...

AI score 8.4 | EPSS 0.02436
Exploits: 0 | References: 2

RedhatCVE
added 2017/08/02 3:19 p.m. | 28 views

CVE-2017-7530

It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to e.g. destroying VMs...

CVSS 8.8 | AI score 7.6 | EPSS 0.01703
Exploits: 0 | References: 1

Check Point Advisories
added 2014/03/31 12:00 a.m. | 2 views

Veritas Backup Exec Server Remote Registry Access Code Execution - Ver2 (CVE-2005-0771)

A code execution vulnerability has been reported in Veritas Backup Exec Server. Successful exploitation of this vulnerability could allow a remote attacker to modify the registry and execute arbitrary methods via RPC on the affected system...

CVSS 10 | AI score 5.5 | EPSS 0.54155
Exploits: 2

Cvelist
added 2014/03/18 2:00 p.m. | 31 views

CVE-2014-0057

The xbutton method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...

AI score 7.3 | EPSS 0.01587
Exploits: 0 | References: 3

RedHat Linux
added 2014/03/11 4:56 p.m. | 4 views

CFME: Dangerous send in ServiceController

The xbutton method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...

CVSS 7.5 | AI score 6.1 | EPSS 0.01587
Exploits: 0 | References: 4

Prion
added 2011/02/25 12:00 p.m. | 20 views

Authentication flaw

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562...

CVSS 7.5 | AI score 7.5 | EPSS 0.02381
Exploits: 0 | References: 4 | Affected Software: 1