Lucene search
K

4966 matches found

CVE
CVE
added 2024/10/08 3:48 p.m.105 views

CVE-2024-47161

CVE-2024-47161 affects JetBrains TeamCity prior to 2024.07.3. The vulnerability allows password disclosure via the Sonar runner REST API. Root cause and exact impacted components are not detailed in the provided documents beyond the general description. Impact is described as confidential data ex...

6.5CVSS4.9AI score0.00304EPSS
Exploits0References1Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/10/08 12:0 a.m.6 views

Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...

8.8CVSS7.8AI score
Exploits0References1
OSV
OSV
added 2024/10/04 7:9 a.m.20 views

BIT-JENKINS-2024-47804

If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk,...

4.3CVSS5.5AI score0.00684EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/03 12:0 a.m.42 views

Jenkins LTS < 2.462.3 / Jenkins weekly < 2.479 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.462.3 or Jenkins weekly prior to 2.479. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact...

4.3CVSS6.4AI score0.0084EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/10/02 6:31 p.m.30 views

Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...

7.5CVSS6.9AI score0.00583EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/02 6:31 p.m.27 views

GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...

5.3CVSS7.5AI score0.00583EPSS
Exploits0References2
NVD
NVD
added 2024/10/02 5:15 p.m.18 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4CVSS0.00456EPSS
Exploits0References1
OSV
OSV
added 2024/10/02 5:15 p.m.6 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4CVSS5.8AI score0.00456EPSS
Exploits0References1
OSV
OSV
added 2024/10/02 5:15 p.m.6 views

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS5.8AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.15 views

CVE-2024-20444

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

5.5CVSS0.0076EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.17 views

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.30 views

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS0.0115EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.16 views

CVE-2024-20438

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

6.3CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.26 views

CVE-2024-20441

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

6.5CVSS0.00457EPSS
Exploits0References1
OSV
OSV
added 2024/10/02 5:15 p.m.5 views

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

8.8CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/02 4:55 p.m.16 views

CVE-2024-20477 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4CVSS6.9AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 4:55 p.m.20 views

CVE-2024-20477 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4CVSS0.00456EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 4:55 p.m.81 views

CVE-2024-20477

Cisco CVE-2024-20477 concerns an unauthorized REST API endpoint in Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, low-privilege, remote attacker could bypass authorization on this endpoint and upload files into a specific container or delete files from a folder within that cont...

5.4CVSS5.4AI score0.00456EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/10/02 4:54 p.m.28 views

CVE-2024-20444 Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

5.5CVSS0.0076EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/02 4:54 p.m.17 views

CVE-2024-20444 Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

5.5CVSS7.4AI score0.0076EPSS
Exploits0References1
Rows per page
Query Builder