CVE-2022-4001
An authentication bypass vulnerability could allow an attacker to access API functions without authentication...
CVE-2022-4001
Summary of CVE-2022-4001 : The issue is an authentication bypass that could let an attacker access API functions without credentials. Connected sources identify the affected product as Motorola’s Q14 Mesh Router firmware, with the bypass affecting API-level functionality. Reported CVSS v3.1 base ...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter, taken from $request in the file api_functions.inc.php, whose value is concatenated directly into an SQL statement. This allows attackers to...
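As an added illustration of the class of bug described above (this is example code written for this page, not LibreNMS's own code, and the devices/users tables and column names are constructed for the demo, not LibreNMS's schema), the block below shows why concatenating an order parameter into ORDER BY is exploitable even without quotes or stacked queries, and why the fix is an allowlist rather than a bound parameter: ORDER BY takes an identifier or expression, which drivers cannot bind as a value.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example; not a real LibreNMS database.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE devices (device_id INTEGER, hostname TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO devices VALUES (1, 'core-sw1'), (2, 'edge-fw1'), (3, 'ap-03');
        INSERT INTO users VALUES ('admin', 'secret-hash-value');
    """)
    return conn


def list_devices_vulnerable(conn, order):
    # The pattern from the advisory: the request parameter is concatenated
    # straight into the statement. A placeholder would not help here because
    # ORDER BY takes an identifier/expression, not a bound value.
    sql = "SELECT device_id, hostname FROM devices ORDER BY " + order
    return conn.execute(sql).fetchall()


def oracle_payload(guess_prefix):
    # Blind extraction through ORDER BY: the sort key flips sign depending on
    # whether the admin hash starts with guess_prefix, so the first row returned
    # leaks one true/false answer per request.
    return (
        "(CASE WHEN (SELECT substr(password_hash,1,%d) FROM users "
        "WHERE username='admin')='%s' THEN device_id ELSE -device_id END)"
        % (len(guess_prefix), guess_prefix)
    )


# Allowlist of sortable columns, defined by the application, never by the client.
ALLOWED_ORDER_COLUMNS = {"device_id", "hostname"}


def list_devices_hardened(conn, order, direction="ASC"):
    # The client picks from names we own; its input never becomes SQL text.
    if order not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"unsupported order column: {order!r}")
    direction = direction.upper()
    if direction not in {"ASC", "DESC"}:
        raise ValueError("direction must be ASC or DESC")
    sql = f"SELECT device_id, hostname FROM devices ORDER BY {order} {direction}"
    return conn.execute(sql).fetchall()


def order_is_rejected(conn, order):
    # Helper for checking that the hardened path refuses an injected expression.
    try:
        list_devices_hardened(conn, order)
    except ValueError:
        return True
    return False
```

With the vulnerable function, oracle_payload("secret") puts core-sw1 first and oracle_payload("wrong!") puts ap-03 first, so an attacker can recover the hash one prefix at a time; the hardened function raises on anything outside the allowlist.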
F5 Networks BIG-IP : OpenSSL vulnerability (K000132946)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132946 advisory. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is...
SUSE CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
CVE-2022-43438
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, make API function calls, manipulate the system and terminate the service...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, improper authorization checks let non-privileged users run privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
CVE-2022-26668 ASUS Control Center - Broken Access Control
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disruption of service...
MAL-2022-6313 Malicious code in storage-image-processing-api-functions (npm)
Source: ghsa-malware cd5fe1baa5d2f967fe24f1b3fdde3e077e889cdf7fc65c779ecd2a002bb2de8b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for weechat (moderate)
openSUSE Security Update: Security update for weechat Announcement ID: openSUSE-SU-2022:0083-1 Rating: moderate References: 1190206 Cross-References: CVE-2021-40516 Affected Products: openSUSE Backports SLE-15-SP3 An update that fixes one vulnerability is now available. Description: This update f...
Design/Logic Flaw
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to access internal API functions, which lets attackers upload and execute arbitrary code...
Veeam Backup&Replication Path Traversal Vulnerability
Veeam Backup & Replication is a suite of data protection software from the Swiss company Veeam. The software provides backup, replication and recovery for VMware and Hyper-V VMs, physical and cloud environments. A path traversal vulnerability exists in Veeam Backup & Replication 9.5U3, 9.5U4, 10....
PT-2022-1828
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions 9.5U3 through 9.5U4, 10.x, and 11.x. Description: An improper limitation of path names allows remote authenticated users to access internal API functions. This access could allow attackers to upload and execut...
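The three Veeam entries above all describe the same root cause, an improper limitation of path names (path traversal). As an added example that is not Veeam's code and does not reproduce their bug, the block below contrasts a string-prefix check, which is the usual broken attempt at confinement, with canonicalization plus a descendant check. The upload root, candidate paths and temp-directory layout are constructed for the demo.

```python
import tempfile
from pathlib import Path


def resolve_under_base_naive(base_dir, user_path):
    # Weak variant: a plain string-prefix test. It accepts '../uploads-old/x'
    # because '/srv/uploads' is a prefix of '/srv/uploads-old/x'.
    base = str(Path(base_dir).resolve())
    target = str((Path(base_dir) / user_path).resolve())
    if not target.startswith(base):
        raise PermissionError(f"path escapes upload root: {user_path!r}")
    return Path(target)


def resolve_under_base(base_dir, user_path):
    # Hardened variant: canonicalize both sides (collapsing '..' and following
    # symlinks), then require the target to be the root itself or a descendant.
    # An absolute user_path replaces the base on join and is therefore rejected.
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes upload root: {user_path!r}") from None
    return target


# Constructed inputs covering the common traversal shapes.
CANDIDATES = [
    "report.pdf",          # legitimate
    "sub/../report.pdf",   # normalizes back inside the root
    "../secret.key",       # classic dot-dot traversal
    "/etc/passwd",         # absolute path
    "../uploads-old/x",    # sibling directory sharing the root name as a prefix
]


def classify(checker, base_dir):
    # Returns {candidate: "ok" | "rejected"} for the given checker.
    out = {}
    for candidate in CANDIDATES:
        try:
            checker(base_dir, candidate)
            out[candidate] = "ok"
        except PermissionError:
            out[candidate] = "rejected"
    return out


def demo():
    # Runs entirely inside a temporary directory; nothing outside it is touched.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "uploads")
        root.mkdir()
        return classify(resolve_under_base_naive, root), classify(resolve_under_base, root)
```

The only input the two checkers disagree on is "../uploads-old/x": the prefix test lets it through, the descendant test does not. Canonicalizing before the check also matters for symlinks planted inside the root, which relative_to would otherwise accept on their lexical path alone.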
CVE-2022-21141 Airspan Networks Mimosa Incorrect Authorization
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution...
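The EasyTest, Netmaker, ASUS Control Center and Airspan Mimosa entries share one pattern: the API authenticates the caller but never compares the caller's role with what the requested function requires, so a general user (or, in the ASUS case, nobody at all) reaches privileged handlers. The block below is an added example of a deny-by-default dispatcher, written for this page and not taken from any of those products; the endpoint names, roles and session shape are assumptions.

```python
from enum import IntEnum


class Role(IntEnum):
    ANONYMOUS = 0
    USER = 1
    ADMIN = 2


class AuthzError(PermissionError):
    pass


# Hypothetical handlers; bodies are placeholders for the demo.
def _list_networks(session, params):
    return {"networks": ["net0"]}


def _add_node(session, params):
    return {"added": params.get("node")}


def _terminate_service(session, params):
    return {"terminated": params.get("service")}


# Every API function declares the minimum role it requires, next to its handler.
ENDPOINTS = {
    "listNetworks": (Role.USER, _list_networks),
    "addNode": (Role.ADMIN, _add_node),
    "terminateService": (Role.ADMIN, _terminate_service),
}


def dispatch_vulnerable(session, name, params):
    # Authentication only: the token is checked, the role is never consulted,
    # so any logged-in user reaches every handler.
    if session is None:
        raise AuthzError("login required")
    _, handler = ENDPOINTS[name]
    return handler(session, params)


def dispatch_hardened(session, name, params):
    # Deny by default: unknown names are refused, and the caller's role is
    # compared with the endpoint's declared requirement on every call.
    entry = ENDPOINTS.get(name)
    if entry is None:
        raise AuthzError(f"unknown API function {name!r}")
    required, handler = entry
    role = Role(session["role"]) if session else Role.ANONYMOUS
    if role < required:
        raise AuthzError(f"{name} requires {required.name}, caller is {role.name}")
    return handler(session, params)


def call_allowed(dispatch, session, name, params=None):
    # True if the dispatcher ran the handler, False if it refused the call.
    try:
        dispatch(session, name, params or {})
    except AuthzError:
        return False
    return True
```

Keeping the required role in the same table as the handler is the point: a new endpoint cannot be added without stating who may call it, which is what the vulnerable products were missing.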
CVE-2021-38477
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...
CVE-2021-38479
Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer...
CVE-2021-38463
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions...
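The two entries above (raw pointers accepted from the network and trusted as in-bound memory, and unbounded buffer allocation through API functions) are fixed by the same server-side discipline: clients refer to buffers only through opaque handles the server issued, every (handle, offset, length) triple is checked against the buffer it resolves to, and allocation is capped per request and per session. The block below is an added example modelling that discipline in Python; it is not the affected product's code, and the handle scheme, limits and ProtocolError type are assumptions.

```python
class ProtocolError(Exception):
    pass


class BufferTable:
    """Server-side registry of client-visible buffers for one session."""

    MAX_BUFFER = 1 << 20   # assumed per-request limit, 1 MiB
    MAX_TOTAL = 8 << 20    # assumed per-session limit, 8 MiB

    def __init__(self):
        self._buffers = {}   # handle -> bytearray
        self._next = 1
        self._total = 0

    def allocate(self, size):
        # Both bounds are enforced before any memory is reserved.
        if not (0 < size <= self.MAX_BUFFER):
            raise ProtocolError(f"bad size {size}")
        if self._total + size > self.MAX_TOTAL:
            raise ProtocolError("session allocation quota exceeded")
        handle = self._next
        self._next += 1
        self._buffers[handle] = bytearray(size)
        self._total += size
        return handle

    def free(self, handle):
        buf = self._buffers.pop(handle, None)
        if buf is None:
            raise ProtocolError("unknown handle")
        self._total -= len(buf)

    def _resolve(self, handle, offset, length):
        # The client never names an address; it names a handle, and the range
        # it asks for must lie entirely inside that handle's buffer.
        buf = self._buffers.get(handle)
        if buf is None:
            raise ProtocolError("unknown handle")
        if offset < 0 or length < 0 or offset + length > len(buf):
            raise ProtocolError("range outside buffer")
        return buf

    def write(self, handle, offset, data):
        buf = self._resolve(handle, offset, len(data))
        buf[offset:offset + len(data)] = data

    def read(self, handle, offset, length):
        buf = self._resolve(handle, offset, length)
        return bytes(buf[offset:offset + length])


def rejected(fn, *args):
    # True if the call was refused with a ProtocolError.
    try:
        fn(*args)
    except ProtocolError:
        return True
    return False
```

In a native implementation the same checks apply to the (address, length) pairs the protocol carries today: look the address up in a table of regions the server itself allocated for that session, reject anything not found, and reject any range that crosses a region boundary.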