4960 matches found
CVE-2022-42279
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2022-42279
CVE-2022-42279 is a public vulnerability in NVIDIA BMC SPX REST API where an authorized attacker can inject shell commands, potentially enabling code execution, DoS, information disclosure, and data tampering. Connected advisories confirm affected product lines as NVIDIA DGX Station A100/A800 BMC...
CVE-2022-42278
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2022-42278
NVIDIA BMC vulnerability CVE-2022-42278 affects the SPX REST API in NVIDIA BMC. An authorized attacker could read/write arbitrary memory within the IPMI server process, potentially enabling code execution, denial of service, information disclosure, or data tampering. Affected system: NVIDIA BMC/S...
PT-2023-14080 · Nvidia · Nvidia Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA BMC affected versions not specified Description: The issue concerns a vulnerability in the SPX REST API of NVIDIA BMC, allowing an authorized attacker to inject arbitrary shell commands. This could potentially lead to code execution,...
PT-2023-14079 · Nvidia · Nvidia Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA BMC affected versions not specified Description: The issue concerns a vulnerability in the SPX REST API of NVIDIA BMC, allowing an authorized attacker to read and write to arbitrary locations within the memory context of the IPMI serve...
PT-2023-14090 · Nvidia · Nvidia Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA BMC affected versions not specified Description: The issue concerns the SPX REST API in NVIDIA BMC, where an authorized attacker can inject arbitrary shell commands. This could lead to code execution, denial of service, information...
PT-2023-14091 · Nvidia · Nvidia Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA BMC affected versions not specified Description: The issue concerns a vulnerability in the SPX REST API of NVIDIA BMC, allowing an authorized attacker to inject arbitrary shell commands. This could lead to code execution, denial of...
Important: Red Hat Security Advisory: RHV 4.4 SP1 [ovirt-4.5.3-3] security update
Updated RHV packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...
This Week in Spring - January 9th, 2023
Hi, Spring fans! As I write this I'm on a plane winging my way to Helsinki, Finland. A new year and new journeys begin. It's going to be cold there. Wish me luck! Do you know what always warms me up? The thrill of learning. And this week's no different. This week we've got some good stuff lined up so...
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
CVE-2021-32828 Regular expression Denial of Service in MooTools
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
PT-2023-12175 · Nuxeo · Nuxeo Platform
Name of the Vulnerable Software and Affected Versions: Nuxeo Platform version 11.5.109 Description: The Nuxeo Platform is an open source content management platform for building business applications. In the affected version, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS)...
Authentication flaw
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...