Lucene search

506 matches found

RedHat Linux
added 2020/12/22 10:49 a.m. | 4 views

mysql: C API unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

5.9 CVSS | 6.8 AI score | 0.03485 EPSS
Exploits 0 | References 5
CNNVD
added 2020/11/18 12:0 a.m. | 5 views

Cisco Integrated Management Controller Input Validation Error Vulnerability

The Cisco Integrated Management Controller (IMC) is a baseboard management controller that provides embedded server management for Cisco UCS C-Series rackmount servers and Cisco S-Series storage servers. A remote code execution vulnerability exists in the API subsystem of the Cisco Integrated...

10 CVSS | 8.2 AI score | 0.046 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2020/11/04 4:0 p.m. | 2 views

CVE-2020-27128

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by...

6.5 CVSS | 5.8 AI score | 0.60785 EPSS
Exploits 0 | References 2
CNVD
added 2020/09/23 12:0 a.m. | 2 views

Verint Workforce Optimization Information Disclosure Vulnerability

Verint Workforce Optimization is a unified suite of software and services for capturing interactions and managing employee performance across an enterprise or target area. An information disclosure vulnerability exists in Verint Workforce Optimization 15.1 15.1.0.37634. An attacker could exploit...

5.3 CVSS | 6.3 AI score | 0.0146 EPSS
Exploits 1 | References 1
OSV
added 2020/07/07 1:15 p.m. | 1 view

UBUNTU-CVE-2020-15566

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or...

6.5 CVSS | 7.2 AI score | 0.00409 EPSS
Exploits 0 | References 6
CNVD
added 2020/06/22 12:0 a.m. | 3 views

Mattermost Server Authorization Issues Vulnerability

Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.7.0 and 3.6.3. An attacker can exploit this vulnerability by using the API to create teams without authentication...

5.3 CVSS | 6.8 AI score | 0.00769 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2020/05/29 12:0 a.m. | 3 views

The vulnerability of the REST API interface for managing physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data allows an attacker to trigger a service failure.

The vulnerability of the REST API interface for managing physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger...

10 CVSS | 7.4 AI score | 0.60158 EPSS
Exploits 4 | References 2 | Affected Software 2
OSV
added 2020/04/07 4:15 p.m. | 2 views

CVE-2017-18669

An issue was discovered on Samsung mobile devices with N7.x software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 June 2017...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 1
BDU FSTEC
added 2020/02/27 12:0 a.m. | 3 views

The vulnerability of the Gem owner command in the RubyGems package management system, related to the output of API responses into the standard output stream, allows a hacker to compromise data integrity.

The vulnerability of the Gem owner command in the RubyGems package management system is related to the way API responses are printed to the standard output stream. Exploiting this vulnerability allows a remote attacker to compromise data integrity by using a specially crafted escape sequence...

7.8 CVSS | 6.7 AI score | 0.03372 EPSS
Exploits 0 | References 10 | Affected Software 7
OSV
added 2020/02/03 11:15 a.m. | 2 views

CVE-2020-3927

An arbitrary-file-access vulnerability exists in the ServiSign security plugin. If attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter...

7.5 CVSS | 7.2 AI score | 0.01205 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2020/01/29 12:0 a.m. | 3 views

The vulnerability of the API interface of the Cisco Smart Software Manager On-Prem administration license management software allows a perpetrator to trigger a service failure.

The vulnerability of the API interface of the Cisco Smart Software Manager On-Prem administration license software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

8.5 CVSS | 7.5 AI score | 0.01073 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2019/12/13 12:0 a.m. | 5 views

The vulnerability in the matching functions of JavaScript in Firefox browsers, Firefox ESR, and the Thunderbird email client allows a hacker to trigger a service failure.

The vulnerability of the compatibility functions in JavaScript-based browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to a lack of mechanisms for checking input data. Exploiting this vulnerability can allow an attacker to cause service failures during API...

10 CVSS | 7.7 AI score | 0.01685 EPSS
Exploits 0 | References 4 | Affected Software 4
OSV
added 2019/10/02 3:15 p.m. | 3 views

CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to a backend API endpoint of the cable mod...

9.8 CVSS | 7.3 AI score | 0.03321 EPSS
Exploits 2 | References 1
RedHat Linux
added 2019/10/01 7:10 a.m. | 4 views

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

7.5 CVSS | 5.8 AI score | 0.03478 EPSS
Exploits 0 | References 4
OSV
added 2019/07/25 9:15 p.m. | 3 views

DEBIAN-CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

7.5 CVSS | 6.8 AI score | 0.03478 EPSS
Exploits 0 | References 1
CNVD
added 2019/07/24 12:0 a.m. | 1 view

Cat Runner Decorate Home for Android Input Validation Error Vulnerability

Cat Runner Decorate Home for Android is a parkour game based on the Android platform. An input validation error vulnerability exists in the application API of Cat Runner Decorate Home version 2.8.0 for Android, which can be exploited by an attacker to modify the application data and obtain more...

7.5 CVSS | 6.8 AI score | 0.0137 EPSS
Exploits 1 | References 1
RedHat Linux
added 2019/07/02 7:45 p.m. | 3 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

9.1 CVSS | 5.8 AI score | 0.02464 EPSS
Exploits 0 | References 9
OSV
added 2019/06/18 4:15 p.m. | 4 views

UBUNTU-CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

6.1 CVSS | 6.8 AI score | 0.01751 EPSS
Exploits 1 | References 7
OSV
added 2019/06/17 8:15 p.m. | 4 views

DEBIAN-CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5 CVSS | 9.3 AI score | 0.03372 EPSS
Exploits 0 | References 1
OSV
added 2019/02/17 3:29 p.m. | 4 views

CVE-2019-8393

HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...

9.8 CVSS | 7.4 AI score | 0.01135 EPSS
Exploits 1 | References 1