2024

2023

2022

2021

2020

CVE-2020-3329 (v3: 4.3) 6 May 2020
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.
CVE-2020-3243 (v3: 9.8) 15 Apr 2020
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-3250 (v3: 9.8) 15 Apr 2020
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-11561 (v3: 8.8) 7 Apr 2020
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.

2019

2018

CVE-2018-16483 (v3: 8.8) 1 Feb 2019
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

2017

CVE-2017-1150 (v3: 3.1) 8 Mar 2017
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

2016

2015