CVE-2010-0548

Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to 1 access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or 2 read device configuration information via...

CVE-2010-0575

Cisco Wireless LAN Controller WLC software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034...

CVE-2021-41467

Cross-site scripting XSS vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter...

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of ServiceDoS vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with labelselectors on multiple V3 endpoints by generating an enormous SQL query...

CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2021-22800

A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller V5.1.0.6 and prior...

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2021-22100

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...

CVE-2021-0060

Insufficient compartmentalization in HECI subsystem for the IntelR SPS before versions SPSE504.01.04.516.0, SPSE504.04.04.033.0, SPSE504.04.03.281.0, SPSE503.01.03.116.0, SPSE305.01.04.309.0, SPS02.04.00.101.0, SPSSoC-A05.00.03.114.0, SPSSoC-X04.00.04.326.0, SPSSoC-X03.00.03.117.0,...

CVE-2021-0147

Improper locking in the Power Management Controller PMC for some Intel Chipset firmware before versions pmcfwlbgc1-21ww02a and pmcfwlbgb0-21ww02a may allow a privileged user to potentially enable denial of service via local access...

CVE-2021-0197

Protection mechanism failure in the firmware for the IntelR Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access...

CVE-2021-0643

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed...

CVE-2022-38665

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

Exploit for Deserialization of Untrusted Data in Microsoft

Incident Investigation Report Case Title: WSUS Exploi...

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

CVE-2019-11175

Insufficient input validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...

CVE-2019-11168

Insufficient session validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access...