798 matches found
CVE-2022-20926
A vulnerability in the web management interface of the Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
CVE-2022-20925
Summary (CVE-2022-20925) : The Cisco Firepower Management Center (FMC) web management interface is affected by an API input validation vulnerability. An authenticated attacker with Device-permission credentials could exploit crafted input to API endpoints to execute arbitrary OS commands with low...
Cisco Firepower Management Center Software Command Injection Vulnerabilities (cisco-sa-fmc-cmd-inj-Z3B5MY35)
The version of Cisco Firepower Management Center installed on the remote host is prior to the tested version. It is, therefore, affected by insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit these vulnerabilities by sending crafted input to an...
Cisco Firepower Management Center Software Command Injection Vulnerabilities
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. These vulnerabilities are due to insufficient validation of user-supplied...
Cisco Firepower Management Center Operating System Command Injection Vulnerability
Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center FMC Software suffers from an operating system command injection vulnerability that stems from insufficient validation of certain API endpoint parameters...
Gain Control of Rapidly Securing Your Critical APIs Without Worrying About Your Backend Stack
Imagine trying to protect your web application farm while needing to integrate with all the different web servers' backend stacks on a one-to-one basis. This requires a WAF that understands systems such as Nginx, Apache, IIS, and Tomcat. You will effectively start a project that will never end du...
PT-2022-8690 · Asus · Asus Rt-N12+
Name of the Vulnerable Software and Affected Versions: Asus RT-N12E version 2.0.0.39 Description: The issue is related to incorrect access control. An attacker can change the administrator password without authentication through the "system.asp" and "start apply.htm" API endpoints. Recommendation...
PT-2022-20888 · Concourse · Concourse
Name of the Vulnerable Software and Affected Versions: Concourse versions 6.x.y prior to 6.7.9 Concourse versions 7.x.y prior to 7.8.3 Description: The issue is an authorization bypass that allows a Concourse user to send a request with a body including :team name=team2 to bypass team scope check...
PT-2022-22594 · Unknown · Boodskap Iot Platform
Name of the Vulnerable Software and Affected Versions: Boodskap IoT Platform version 4.4.9-02 Description: The issue allows attackers to make unauthenticated API requests. Recommendations: For Boodskap IoT Platform version 4.4.9-02, consider restricting access to API endpoints to prevent...
Bitbucket Git Command Injection
Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/projectKey/repos/repositorySlug/archive endpoint creates an archive of the repository, leveraging the git-archive...
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804. The advisory reveals a command injection vulnerability in multiple API endpoints, which allows an attacker with access to a public repository or with read permissions to a...
PT-2022-25488 · Nokia · Nokia 1350 Oms
Name of the Vulnerable Software and Affected Versions: NOKIA 1350OMS version R14.2 Description: A reflected XSS issue was discovered, affecting various "/cgi-bin/R14.2" API endpoints. Recommendations: For NOKIA 1350OMS version R14.2, consider restricting access to the affected "/cgi-bin/R14.2" AP...
CVE-2021-36783
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
CVE-2021-36783
CVE-2021-36783 (Rancher info-disclosure) affects SUSE Rancher where credentials, passwords and API tokens stored in cleartext are exposed via API endpoints to authenticated users (Cluster Owners/Members, Project Owners/Members). Affected: Rancher versions before 2.6.4 (and 2.5.x before 2.5.13). R...
PT-2022-4712
Name of the Vulnerable Software and Affected Versions SUSE Rancher versions prior to 2.6.4 Rancher versions prior to 2.5.13 Description A vulnerability in SUSE Rancher allows authenticated users, including Cluster Owners, Cluster Members, Project Owners, and Project Members, to read credentials,...
Atlassian Bitbucket Server and Data Center Command Execution Vulnerability
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff views, JIRA integration, and build integration. A command execution vulnerability exists in Atlassian Bitbucket Server and Data...
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...
Design/Logic Flaw
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...