1080 matches found
[SECURITY] [DLA 2779-1] mediawiki security update
Debian LTS Advisory DLA-2779-1 https://www.debian.org/lts/security/ Markus Koschany October 09, 2021 https://wiki.debian.org/LTS Package: mediawiki Version: 1:1.27.7-1deb9u10 CVE ID: CVE-2021-35197 CVE-2021-41798 CVE-2021-41799 Multiple security issues were found in...
CVE-2021-34782
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An...
Cisco DNA Center Security Vulnerability
Cisco DNA Center is a network management and command center service from Cisco USA. A security vulnerability exists in Cisco DNA Center that stems from improper access control to API endpoints. An attacker could exploit the vulnerability by sending specific API requests to the affected applicatio...
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
Improper access control
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
Debian DSA-4979-1 : mediawiki - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4979 advisory. Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and ...
Cross-site Scripting in LibreNMS
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
GHSA-2R2W-JRH2-P4GR Cross-site Scripting in LibreNMS
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
Authentication flaw
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...
CVE-2021-28495
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2021-93896)
LibreNMS is a PHP/MySQL/SNMP-based open source monitoring tool. A stored cross-site scripting vulnerability exists in API access pages in versions of LibreNMS prior to 21.3.0. The vulnerability stems from insufficient validation of the $api-description variable. An attacker could use this...
Cross site scripting
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
CVE-2021-31274
In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...
PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework
Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...
CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities
Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System. These vulnerabilities could result in...
Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues,...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
CVE-2021-27944
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload...
PT-2021-11112 · Mimosa · Mimosa B5C +1
Name of the Vulnerable Software and Affected Versions: Mimosa B5, B5c, and C5x firmware versions through 2.8.0.2 Description: The web console for the affected firmware allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access t...