19139 matches found
CVE-2022-42149
kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...
CVE-2019-11175
Insufficient input validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2019-11168
Insufficient session validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access...
CVE-2019-11177
Unhandled exception in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2019-11178
Stack overflow in IntelR Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access...
CVE-2019-11170
Authentication bypass in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access...
CVE-2020-7621
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...
CVE-2020-23643
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1=XSS to Home/c/WechatController.php...
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
CVE-2020-24492
Insufficient access control in the firmware for the IntelR 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2020-24495
Insufficient access control in the firmware for the IntelR 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access...
CVE-2023-31015
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service...
CVE-2021-2416
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications component: Routing. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
CVE-2024-41776
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2024-39325
aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9,...
CVE-2024-39319
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...
CVE-2023-25178
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2023-25518
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
CVE-2023-25770
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2022-26078
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30...