4960 matches found
CVE-2024-20441
CVE-2024-20441 affects Cisco Nexus Dashboard Fabric Controller (NDFC) REST API endpoint. The issue arises from insufficient authorization controls on the endpoint, enabling an authenticated, low-privilege, remote attacker to access sensitive configuration data. A successful exploit could allow do...
CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...
CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...
CVE-2024-20438
Cisco Nexus Dashboard Fabric Controller (NDFC) REST API vulnerability allows an authenticated, low-privileged, remote attacker to read or write files on an affected device due to missing authorization controls on certain REST endpoints. The issue affects the NDFC/Nexus Dashboard REST APIs (subset...
CVE-2024-20432
Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by CVE-2024-20432 via a REST API and web UI command-injection flaw caused by improper user authorization and insufficient validation of command arguments. A low-privilege, authenticated attacker could submit crafted commands to affected R...
CVE-2024-20432 Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...
Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities
Multiple vulnerabilities in the REST APIs of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a limited set of network-admin functions on an affected device. For more information about these...
CVE-2024-47804
If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2024-47804
If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only...
CVE-2024-47805
CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...
CVE-2024-47804
CVE-2024-47804 describes a Jenkins item-creation restriction bypass: when creating a prohibited item via CLI/REST, the item is created in memory and only removed from disk, enabling attackers with Item/Configure permission to persist it. Affected versions: Jenkins 2.478 and earlier, LTS 2.462.2 a...
Cisco Nexus Dashboard和Nexus Dashboard Fabric Controller 安全漏洞
Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller are both products of Cisco, Inc.Cisco Nexus Dashboard is a single console. The Cisco Nexus Dashboard is a single console that simplifies the operation and management of data center networks.The Cisco Nexus Dashboard Fabric Controll...
PT-2024-8626 · Cisco · Cisco Nexus Dashboard
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an...
CVE-2024-9194 SQL Injection in the Octopus Server REST API
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...