
263 matches found

Cvelist
added 2020/12/11 3:29 a.m. · 31 views

CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

CVSS 4.3 · AI score 4.3 · EPSS 0.00815
Exploits: 0 · References: 2
NVD
added 2020/12/01 3:15 a.m. · 20 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

CVSS 5.2 · AI score 5.6 · EPSS 0.03236
Exploits: 4 · References: 6
CNNVD
added 2020/11/30 12:00 a.m. · 5 views

containerd security vulnerability

containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. A security vulnerability exists in containerd versions prior to 1.3.9 and 1.4.3 that stems from the...

CVSS 5.2 · AI score 6.7 · EPSS 0.03236
Exploits: 4 · References: 18
Positive Technologies
added 2020/09/29 12:00 a.m. · 5 views

PT-2020-13465 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1 Description: A vulnerability was discovered that could expose the private activity of a user under certain conditions via the API. Recommendations: For versions prior to 13.1, update to version 13.1 or later to...

CVSS 6.5 · AI score 6.2 · EPSS 0.0101
Exploits: 1 · References: 9
OSV
added 2020/06/19 8:15 p.m. · 12 views

CVE-2016-11080

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...

CVSS 4.3 · AI score 6.7
Exploits: 0 · References: 1
OSV
added 2020/05/05 10:15 p.m. · 1 view

UBUNTU-CVE-2020-11033

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...

CVSS 7.2 · AI score 5.9 · EPSS 0.01038
Exploits: 0 · References: 3
Positive Technologies
added 2020/04/12 12:00 a.m. · 4 views

PT-2020-12797 · Kong · Docker-Kong

Name of the Vulnerable Software and Affected Versions: docker-kong versions through 2.0.3 Description: An issue was discovered where the admin API port may be accessible on interfaces other than 127.0.0.1. The vendor argues that this is not a vulnerability because it has an inaccurate bug scope a...

CVSS 9.8 · AI score 6.8 · EPSS 0.33825
Exploits: 0 · References: 12
OSV
added 2020/04/06 10:15 p.m. · 3 views

CVE-2020-11592

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database...

CVSS 7.5 · AI score 7.1 · EPSS 0.01209
Exploits: 1 · References: 1
VulnCheck KEV
added 2020/03/09 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...

CVSS 9.8 · AI score 7.3 · EPSS 0.08877
Exploits: 2 · References: 1
RedHat Linux
added 2019/10/30 12:35 p.m. · 4 views

heketi: heketi can be installed using insecure defaults

It was found that the default configuration of Heketi does not require any authentication, potentially exposing the Heketi server API to be misused. An unauthenticated attacker could connect remotely to Heketi Server and run arbitrary commands supported by Heketi Server API via Heketi CLI...

CVSS 9.8 · AI score 5.8 · EPSS 0.01414
Exploits: 0 · References: 4
Positive Technologies
added 2019/08/19 12:00 a.m. · 4 views

PT-2019-18007 · Lenovoemc +1 · Lenovoemc Nas +1

Name of the Vulnerable Software and Affected Versions: Iomega and LenovoEMC NAS products affected versions not specified Description: The issue is related to an information leakage vulnerability. It could allow disclosure of some device details, such as Share names, through the device API when...

CVSS 5.3 · AI score 5.3 · EPSS 0.011
Exploits: 0 · References: 2
OSV
added 2019/08/05 12:15 p.m. · 3 views

CVE-2019-14525

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...

CVSS 4.9 · AI score 5.8 · EPSS 0.01528
Exploits: 0 · References: 3
Tenable Nessus
added 2019/06/21 12:00 a.m. · 42 views

RHEL 8 : virt:rhel (RHSA-2019:1580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1580 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems...

CVSS 8.8 · AI score 8.2 · EPSS 0.00549
Exploits: 0 · References: 10
OSV
added 2018/12/20 9:29 p.m. · 3 views

CVE-2018-15720

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

CVSS 9.8 · AI score 5.8 · EPSS 0.01495
Exploits: 1 · References: 1
OSV
added 2018/12/20 2:29 p.m. · 2 views

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API; it is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence get access to...

CVSS 8.1 · AI score 5.8 · EPSS 0.03448
Exploits: 0 · References: 3
OSV
added 2018/09/04 1:49 p.m. · 8 views

SUSE-SU-2018:2608-1 Security update for cobbler

This update for cobbler fixes the following issues. Security issues fixed:
- Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442)
- Check access token when calling 'modifysetting' API endpoint (bsc1104190, bsc1105440, CVE-2018-1000226)...

CVSS 9.8 · AI score 7.7 · EPSS 0.6786
Exploits: 0 · References: 10
RedhatCVE
added 2018/08/09 3:18 p.m. · 32 views

CVE-2018-10931

An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context. Mitigation...

CVSS 9.8 · AI score 2.8 · EPSS 0.6786
Exploits: 0 · References: 2
CNVD
added 2018/05/22 12:00 a.m. · 2 views

CoreOS Tectonic Information Disclosure Vulnerability

CoreOS Tectonic is an automated enterprise Kubernetes platform. The platform automates operational tasks, enabling platform portability and multi-cluster management. An information disclosure vulnerability exists in CoreOS Tectonic version 1.7.x before 1.7.9-tectonic.4 and version 1.8.x before...

CVSS 7.5 · AI score 6.4 · EPSS 0.01671
Exploits: 0 · References: 1
CNVD
added 2017/11/16 12:00 a.m. · 3 views

MediaWiki File Download Vulnerability

MediaWiki is a free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A file download vulnerability exists in the api.php file in MediaWiki version...

CVSS 9.8 · AI score 6.8 · EPSS 0.07714
Exploits: 0 · References: 1
Tenable Nessus
added 2017/01/23 12:00 a.m. · 29 views

Fedora 24 : wordpress (2017-01c3288bef)

WordPress 4.7.1 Security and Maintenance Release. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues: - Remote code execution (RCE) in PHPMailer. No specific iss...

AI score 6
Exploits: 0 · References: 3