22 matches found
EUVD-2024-18147
Malicious code in bioql PyPI...
CVE-2025-20348
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller NDFC could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) lies in the lack of authentication, which allows a malicious actor to influence the integrity of the protected information.
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller NDFC relates to the absence of authentication. Exploiting this vulnerability can allow a malicious actor to influence the integrity of the protected information...
CVE-2024-20449
A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secur...
CVE-2024-20432
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...
CVE-2024-20490
The CVE-2024-20490 issue affects Cisco Nexus Dashboard Fabric Controller (NDFC) and Nexus Dashboard Orchestrator (NDO). Root cause: HTTP proxy credentials can be recorded in internal logs stored in tech support files, exposing admin credentials in clear text when those files are accessed. Impact:...
CVE-2024-20449
CVE-2024-20449 affects Cisco Nexus Dashboard Fabric Controller (NDFC). The issue is due to improper path validation, enabling an authenticated, low-privilege remote attacker to upload malicious code via SCP using path traversal, potentially executing arbitrary code inside a container with root pr...
CVE-2024-20448 Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability
A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...
CVE-2024-20448 Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability
A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...
CVE-2024-20444
CVE-2024-20444 affects Cisco Nexus Dashboard Fabric Controller (NDFC). Root cause: insufficient validation of command arguments in a REST API endpoint, enabling an authenticated, network-admin-user to perform a command-injection attack. Potential impact per sources: ability to overwrite sensitive...
CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...
Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability
A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities
Multiple vulnerabilities in the REST APIs of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a limited set of network-admin functions on an affected device. For more information about these...
CVE-2024-20348
CVE-2024-20348 affects Cisco Nexus Dashboard Fabric Controller (NDFC) and its Out-of-Band Plug and Play (PnP) feature. The issue arises from an unauthenticated provisioning web server, enabling an unauthenticated, remote attacker to read arbitrary files in the PnP container. Impact is read access...
CVE-2024-20348
A vulnerability in the Out-of-Band OOB Plug and Play PnP feature of Cisco Nexus Dashboard Fabric Controller NDFC could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this...
CVE-2022-20860
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus...