145 matches found
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...
Google Chrome 资源管理错误漏洞
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in the Network API in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion
The Gutenberg Template Library & Redux Framework plugin = 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissionscallback used in this file only checked f...
CVE-2021-1369
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...
The vulnerability in the API for searching extensions of the WebExtensions framework in the Mozilla Firefox browser allows a hacker to gain unauthorized access to protected information.
The vulnerability of the API for searching WebExtensions extensions in the Mozilla Firefox browser is related to an execution error when searching certain privileged pages, such as “about: debugging”. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protect...
Systran Pure Neural Server Resource Management Error Vulnerability
Systran Pure Neural Server is a web platform product for document translation from Systran, Germany. A security vulnerability exists in Systran Pure Neural Server prior to version 9.7.0 that stems from an API call in the Translation API function Systran Pure Neural Server prior to 9.7.0 that allo...
Google’s Waze Can Allow Hackers to Identify and Track Users
A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track...
mysql: Server: C API unspecified vulnerability (CPU Oct 2019)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: C API. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
Flaw in Safari browser’s API implementation lets user files to be stolen
By Sudais Asif Being one of the major web browsers, Safari browser gets its fair share of scrutiny from cybersecurity professionals. This is a post from HackRead.com Read the original post: Flaw in Safari browsers API implementation lets user files to be stolen...
UBUNTU-CVE-2020-14550
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
CVE-2020-10890
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-10890
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it...
Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender
Summary There are vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 and 8, IBM SDK, Java Technology Edition Version 8 and Eclipse Open J9 that affect IBM Transformation Extender. Vulnerability Details CVEID: CVE-2018-1890 Description: On the AIX platform, the IBM Jav...
PT-2019-5224 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...
Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities
Summary IBM MessageSight has addressed the following Java vulnerabilities: CVE-2019-2698: An attacker can use a maliciously crafted font to exploit a flaw in the JDK's font parsing code CVE-2019-2697: An attacker can use a maliciously crafted font to exploit a flaw in the JDK's font parsing code...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.
Summary There are multiple vulnerabilities in IBM®Runtime Environment Java™Version 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. These issues have been addressed in IBM Java SDK updates in Apr...
Tic Toc Pwned
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That’s the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch...
CVE-2018-1000829
Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...
Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security...