CVE-2023-34992

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

PT-2023-6001 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: FortiSIEM versions 6.4.0 through 6.4.2 FortiSIEM versions 6.5.0 through 6.5.1 FortiSIEM versions 6.6.0 through 6.6.3 FortiSIEM versions 6.7.0 through 6.7.5 FortiSIEM version 7.0.0 Description: The issue is related to an improper neutralizatio...

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.

The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...

CVE-2023-20223

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...

Jumpserver Information Disclosure Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from an information disclosure vulnerability caused by exposing random number seeds to the API, which could allow replay of randomly generated CAPTCHAs, leading to password...

The vulnerability of the application software interface of the microprogramming system for controller security and session management in IP networks, OpenScape SBC (Session Border Controller), the software tool for integrating communication systems into a unified communication system, OpenScape BCF (Business Communication Fabric), and the OpenScape Branch server allow a perpetrator to execute arbitrary PHP code.

The vulnerability of the application programming interface of microprogramming software for controlling security and managing communication sessions in IP networks, the OpenScape SBC Session Border Controller, a software tool for integrating communication systems into a unified communication...

Undefined Behavior for Input to API in Mutt

...

The vulnerability of the local management platform FortiSwitchManager, related to errors in access control, allows a attacker to modify settings by sending commands through the application programming interface.

The vulnerability of the FortiSwitchManager local management platform is related to errors in access control. Exploiting this vulnerability allows a malicious actor to make changes to settings by sending commands through the application programming interface...

The vulnerability of the iperf function in the application software interface for ASUS RT-AX55, RT-AX56U, and RT-AC86U routers allows a hacker to execute arbitrary code.

The vulnerability of the iperf function in the application programming interface for ASUS RT-AX55, RT-AX56UV2, and RT-AC86U routers is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

Fortinet FortiSwitchManager 安全漏洞

Fortinet FortiSwitchManager is a network switch management tool from Fortinet designed to help organizations manage their FortiSwitch family of network switches. An improper access control vulnerability exists in Fortinet FortiSwitchManager. The vulnerability is caused by a flawed authentication...

ASUS RT-AX56U Formatting String Error Vulnerability

The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a Format String Error vulnerability that stems from a format string vulnerability found in the iperf client function API...

WireMock security vulnerability

WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a security vulnerability that stems from vulnerability to DNS rebinding attacks...

PT-2023-17071 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab where a namespace-level banned user can access the API. Recommendations: For GitLa...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the fact that user...

The administration panel of the Ivanti Sentry integrated mobile security firewall has vulnerabilities. These vulnerabilities allow a intruder to modify configurations, execute system commands, or write files to the system.

The vulnerability of the administration panel of the Ivanti Sentry integrated mobile security gateway is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify configurations, execute system commands, or write files to the syst...

CVE-2023-24515

Server-Side Request Forgery SSRF vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to...

Artica Pandora FMS 代码问题漏洞

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery SSRF vulnerability in...

PT-2023-28767 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable to a Denial of Service DoS that can be caused by an authenticated user to the REST API Interface. Recommendations: ...