19156 matches found
CVE-2021-0643
In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed...
CVE-2022-38665
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
Exploit for Deserialization of Untrusted Data in Microsoft
Incident Investigation Report Case Title: WSUS Exploi...
CVE-2022-42149
kkFileView 4.0 is vulnerable to Server-Side Request Forgery (SSRF) via controller\OnlinePreviewController.java...
CVE-2019-11175
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2019-11168
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access...
CVE-2019-11177
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2019-11178
Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access...
CVE-2019-11170
Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access...
CVE-2020-7621
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...
CVE-2020-23643
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1=XSS to Home/c/WechatController.php...
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
CVE-2020-24492
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2020-24495
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access...
CVE-2023-31015
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service...
CVE-2021-2416
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications component: Routing. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
CVE-2024-41776
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2024-39325
aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9,...
CVE-2024-39319
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...