
508 matches found

CNNVD
added 2022/09/06 12:0 a.m. · 4 views

MediaTek vow security vulnerability

MediaTek vow is an application chip from MediaTek, China. It provides optimized platform size and power consumption. A security vulnerability exists in MediaTek vow that stems from undefined behavior due to API misuse. This could result in a local privilege escalation that requires system executi...

CVSS 6.7 · AI score 6.8 · EPSS 0.001
Exploits: 0 · References: 2

ATTACKERKB
added 2022/08/24 4:0 p.m. · 4 views

CVE-2022-20921

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator MSO could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...

CVSS 8.8 · AI score 7.3 · EPSS 0.01018
Exploits: 0 · References: 2

ATTACKERKB
added 2022/08/22 3:15 p.m. · 2 views

CVE-2021-3590

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8.8 · AI score 5.4 · EPSS 0.00556
Exploits: 0 · References: 3

CNNVD
added 2022/08/22 12:0 a.m. · 5 views

Foreman security vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and reporting status. Foreman has a security vulnerability that stems from an identified credential leak, which exposes Azure...

CVSS 8.8 · AI score 7.7 · EPSS 0.00556
Exploits: 0 · References: 3

CNNVD
added 2022/07/21 12:0 a.m. · 3 views

Johnson Controls Metasys ADS/ADX/OAS Servers access control error vulnerability

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. An access control error vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS versions 10 and 11, which stems from the fact that under certain circumstances, an unauthenticated user c...

CVSS 5.3 · AI score 5.7 · EPSS 0.00582
Exploits: 0 · References: 6

OSV
added 2022/06/24 5:15 p.m. · 2 views

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS 4.9 · AI score 5.8 · EPSS 0.01209
Exploits: 0 · References: 1

OSV
added 2022/05/24 5:21 p.m. · 3 views

GHSA-MJ8V-773W-5QHJ Mattermost Server allows System Admin to modify LDAP account names and email addresses

An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account...

CVSS 2.7 · AI score 7 · EPSS 0.00624
Exploits: 0 · References: 4

CNNVD
added 2022/05/18 12:0 a.m. · 3 views

UniverSIS-students information disclosure vulnerability

UniverSIS-students is the interface for all student interactions in UniverSIS. An information disclosure vulnerability exists in UniverSIS-students prior to version 1.5.0, which stems from a lack of sensitive information protection in /api/students/me/courses/. An attacker can use this...

CVSS 6.5 · AI score 6.5 · EPSS 0.00935
Exploits: 1 · References: 2

vulnersOsv
added 2022/05/13 1:7 a.m. · 5 views

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4992 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4992 Source advisory: OSV:GHSA-JCMH-X32V-7MGF...

CVSS 9.8 · AI score 7.2 · EPSS 0.01167
Exploits: 0

CNNVD
added 2022/04/25 12:0 a.m. · 4 views

TerraMaster TOS security vulnerability

TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...

CVSS 7.5 · AI score 7.4 · EPSS 0.02313
Exploits: 1 · References: 3

CNNVD
added 2022/04/25 12:0 a.m. · 5 views

UniverSIS UniverSIS-API SQL injection vulnerability

UniverSIS UniverSIS-API is a student information system architecture interface. A remote attacker could use this vulnerability to retrieve personal information or change grades by sending a crafted SQL statement...

CVSS 8.1 · AI score 5.9 · EPSS 0.01386
Exploits: 1 · References: 4

BDU FSTEC
added 2022/04/13 12:0 a.m. · 4 views

Vulnerability of the API component: A software platform in Node.js that allows attackers to compromise data integrity

The vulnerability of the API component in the Node.js software platform is related to insufficient checking of the rejectUnauthorized value. Exploiting this vulnerability allows an attacker to compromise data integrity...

CVSS 5.3 · AI score 6.5 · EPSS 0.1473
Exploits: 1 · References: 11 · Affected Software: 7

Positive Technologies
added 2022/04/13 12:0 a.m. · 4 views

PT-2022-2355 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to insufficient API authorization checking on the underlying operating system of the History API in Cisco SD-WAN vManage Software. This could allo...

CVSS 6.8 · AI score 6.3 · EPSS 0.00877
Exploits: 0 · References: 6

ATTACKERKB
added 2022/04/12 5:15 p.m. · 3 views

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

CVSS 9.8 · AI score 6.2 · EPSS 0.02629
Exploits: 1 · References: 4

ATTACKERKB
added 2022/03/11 6:15 p.m. · 4 views

CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access control...

CVSS 9.8 · AI score 7.2 · EPSS 0.00984
Exploits: 0 · References: 2

CNNVD
added 2022/03/11 12:0 a.m. · 7 views

FreeTAKServer-UI information disclosure vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the JavaScript source code, which can be exploited by an attacker to cause a...

CVSS 7.5 · AI score 5.3 · EPSS 0.01073
Exploits: 1 · References: 2

CNNVD
added 2022/02/03 12:0 a.m. · 5 views

Airspan Mmp security vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks U.S.A. An authorization issue vulnerability exists in Airspan Networks Mmp, which could be exploited by attackers to access these API routes and enable remot...

CVSS 10 · AI score 6.1 · EPSS 0.03527
Exploits: 0 · References: 6

CNNVD
added 2022/02/01 12:0 a.m. · 4 views

treq information disclosure vulnerability

treq is an advanced Twisted HTTP client API. An information disclosure vulnerability exists in treq, which could allow an attacker to obtain sensitive information...

CVSS 6.5 · AI score 6.4 · EPSS 0.01083
Exploits: 0 · References: 5

OSV
added 2022/01/19 12:15 p.m. · 4 views

CVE-2022-21377

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web API. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

CVSS 5.4 · AI score 6.7
Exploits: 0 · References: 1

ATTACKERKB
added 2021/12/07 6:15 p.m. · 3 views

CVE-2021-43175

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...

CVSS 7.5 · AI score 7.2 · EPSS 0.01161
Exploits: 1 · References: 2 · Affected Software: 1