Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
controller vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34145
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines,...
NA
CVE-2024-34147
Jenkins Telegram Bot Plugin 1.4.0 and previous versions stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
NA
CVE-2024-34144
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute ...
NA
CVE-2024-3955
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation...
NA
CVE-2024-33516
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.
1 Article
NA
CVE-2024-3591
The Geo Controller WordPress plugin prior to 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
NA
CVE-2024-27002
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --...
NA
CVE-2024-3411
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an malicious user to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC...
NA
CVE-2024-20356
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root....
1 Github repository
NA
CVE-2024-20295
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local malicious user to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker mu...
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »