CVE-2024-20432 Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

CVE-2024-20432

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by CVE-2024-20432 via a REST API and web UI command-injection flaw caused by improper user authorization and insufficient validation of command arguments. A low-privilege, authenticated attacker could submit crafted commands to affected R...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities

Multiple vulnerabilities in the REST APIs of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a limited set of network-admin functions on an affected device. For more information about these...

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

CVE-2024-47804

If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only...

CVE-2024-47805

CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...

CVE-2024-47804

CVE-2024-47804 describes a Jenkins item-creation restriction bypass: when creating a prohibited item via CLI/REST, the item is created in memory and only removed from disk, enabling attackers with Item/Configure permission to persist it. Affected versions: Jenkins 2.478 and earlier, LTS 2.462.2 a...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVE-2024-47804

If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

PT-2024-8626 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an...

Cisco Nexus Dashboard和Nexus Dashboard Fabric Controller 安全漏洞

Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller are both products of Cisco, Inc.Cisco Nexus Dashboard is a single console. The Cisco Nexus Dashboard is a single console that simplifies the operation and management of data center networks.The Cisco Nexus Dashboard Fabric Controll...

CVE-2024-9194 SQL Injection in the Octopus Server REST API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...

CVE-2024-9194 SQL Injection in the Octopus Server REST API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...

CVE-2024-8678 Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders a...

CVE-2024-8678

CVE-2024-8678 affects the Revolut Gateway for WooCommerce plugin for WordPress (versions up to and including 4.17.3). The issue is unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint, enabling unauthenticated attackers to mark orders as comp...

CVE-2024-8678 Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders a...