Lucene search
K

33 matches found

Vulnrichment
Vulnrichment
added 2024/10/02 4:53 p.m.13 views

CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS6.7AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 4:53 p.m.32 views

CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

5.7CVSS0.00463EPSS
Exploits0References1
NVD
NVD
added 2024/02/05 2:15 p.m.26 views

CVE-2024-23108

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS9.9AI score0.78375EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/02/05 1:26 p.m.34 views

CVE-2024-23108

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS10AI score0.78375EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/02/05 1:26 p.m.26 views

CVE-2024-23108

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS9.3AI score0.78375EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/02/05 1:26 p.m.38 views

CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS10AI score0.03224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/05 1:26 p.m.20 views

CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS9.3AI score0.03224EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.4 views

GitHub Enterprise Server Authorization Issues Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.9.7, prior ...

7.5CVSS6.8AI score0.00815EPSS
Exploits0References4
Prion
Prion
added 2023/11/14 6:15 p.m.24 views

Command injection

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to...

7.5CVSS7.9AI score0.01877EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.12 views

Fortinet FortiSIEM 安全漏洞

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from a command execution vulnerability that stem...

9.8CVSS7.4AI score0.01877EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/10 4:50 p.m.41 views

CVE-2023-34992

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

10CVSS10AI score0.65509EPSS
Exploits1References1
Prion
Prion
added 2023/04/28 2:15 a.m.18 views

Design/Logic Flaw

IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the...

2.1CVSS5.1AI score0.00648EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/11/26 3:59 p.m.12 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...

6.8CVSS8.6AI score0.00883EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder