65 matches found
Jenkins dbCharts Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins dbCharts Plugin is vulnerable to an information disclosure...
Beckhoff TwinCAT Denial of Service (CVE-2019-5637)
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 and prior and TwinCAT 3.1 version 4204.0 and prior. This plugin only works with...
Microsoft Windows Storage Spaces Controller Buffer Error Vulnerability
Microsoft Windows Storage Spaces Controller is an essential driver for providing storage space functionality from Microsoft Corporation USA. A buffer error vulnerability exists in Microsoft Windows Storage Spaces Controller. The following products and editions are affected: Windows Server 2019...
Information disclosure
Storage Spaces Controller Information Disclosure Vulnerability...
Design/Logic Flaw
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
CVE-2021-40489
Storage Spaces Controller Elevation of Privilege Vulnerability...
Ecoa Bas controller Authorization Issue Vulnerability
ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to authentication bypass, which can be exploited by attackers to remotely bypass authentication and disclose sensitive information via cookie poisoning...
Intel Thunderbolt controller Security Vulnerability
The Intel Thunderbolt controller is a connector standard published by Intel, a U.S.-based company that supports both copper and fiber-optic media and is intended to be used as a common bus between computers and other devices. A security vulnerability exists in the Intel® Thunderbolt™ controller...
CVE-2021-26880
Storage Spaces Controller Elevation of Privilege Vulnerability...
DEBIAN-CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init method. An...
Information leakage vulnerability in CSC-830 of Beijing Sifang Relay Automation Company Limited (CNVD-2020-59458)
The CSC830 PLC is a compact controller for small and medium-sized discrete automation systems and stand-alone automation systems from Beijing Sifang Relay Automation Co. The CSC-830 of Beijing Sifang Relay Automation Co., Ltd. suffers from an information disclosure vulnerability that can be...
Arbitrary File Deletion Vulnerability in YCCMS controller directory Pi***.cl***.php
YCCMS is a PHP version of a lightweight CMS builder. An arbitrary file deletion vulnerability exists in Pi.class.php in the controller directory of YCCMS 3.4; an attacker can use the vulnerability to delete arbitrary files...
ONAP SDNC Operating System Command Injection Vulnerability
The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC versions prior to 4.0.0. The vulnerability can be exploited to execute arbitrary commands with the help of a specially crafted 'module' parameter...
UBUNTU-CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
The vulnerability of the control interface for the routing table of the Application Policy Infrastructure Controller allows a perpetrator to circumvent the established restrictions for certain IP ports and compromise the integrity of the protected information.
The vulnerability of the control interface for the Application Policy Infrastructure Controller exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to circumvent configured restrictions for certain IP ports and compromise the integrity of...
The vulnerability of the microprogramming software of the Intel Baseboard Management Controller (BMC) relates to reading data beyond the buffer in memory, allowing an intruder to disclose protected information.
The vulnerability of the microprogramming software of the Intel Baseboard Management Controller BMC relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
Intel Baseboard Management Controller Buffer Overflow Vulnerability (CNVD-2020-12697)
The Intel Baseboard Management Controller BMC is a baseboard management controller from Intel Corporation USA. A buffer overflow vulnerability exists in Intel BMC, which originates when a networked system or product performs an operation in memory without properly validating the data boundaries,...
MITSUBISHI PLC suffers from denial of service vulnerability (CNVD-2019-30336)
MITSUBISHI PLC is a programmable controller product of Mitsubishi Electric Japan. A denial of service vulnerability exists in MITSUBISHI PLC, which can be exploited by an attacker to cause a denial of service...
The vulnerability of the Cisco Elastic Services Controller network management tool, which stems from the use of pre-installed registration data, allows a perpetrator to escalate their privileges.
The vulnerability of the Cisco Elastic Services Controller network management tool is related to the use of pre-installed registration data. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
CVE-2018-19110
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization chec...