1443 matches found

CNVD
added 2018/02/02 12:0 a.m. | 3 views

CloudBees Jenkins Dependency Graph Viewer plugin unauthorized modification vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees, mainly used to monitor continuous software release/testing projects and some scheduled tasks. Dependency Graph Viewer is used in o...

CVSS 4.3 | AI score 7 | EPSS 0.00642
Exploits: 0 | References: 1

OSV
added 2018/01/23 3:29 p.m. | 1 view

DEBIAN-CVE-2017-15091

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...

CVSS 7.1 | AI score 7 | EPSS 0.01265
Exploits: 0 | References: 1

BDU FSTEC
added 2018/01/18 12:0 a.m. | 4 views

The vulnerability of the api.php script of the software framework for implementing the MediaWiki hypertext environment allows a hacker to execute arbitrary code.

The vulnerability of the api.php script of the software framework for implementing the MediaWiki hypertext environment exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially prepar...

CVSS 9.8 | AI score 8.2 | EPSS 0.07714
Exploits: 0 | References: 5 | Affected Software: 2

RedHat Linux
added 2017/12/15 10:34 p.m. | 2 views

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

CVSS 9.8 | AI score 7.4 | EPSS 0.20231
Exploits: 0 | References: 6

CNVD
added 2017/12/06 12:0 a.m. | 2 views

Claymore Dual GPU miner buffer overflow vulnerability

Claymore Dual GPU miner is a GPU monitoring software for mining virtual currency computing. A buffer overflow vulnerability exists in the remote management interface's request handler in Claymore Dual GPU miner version 10.1. The vulnerability can be exploited by a remote attacker to execute...

CVSS 10 | AI score 8.2 | EPSS 0.3434
Exploits: 4 | References: 1

CNVD
added 2017/12/04 12:0 a.m. | 2 views

Huawei Mobile GPU Driver Memory Double Release Vulnerability

Huawei Mate 9 and Mate 9 Pro are both smartphone products from the Chinese company Huawei. GPU driver is one of the graphics drivers used in... A double release vulnerability exists in the GPU driver in Huawei Mate 9 versions prior to MHA-AL00B 8.0.0.334C00 and Mate 9 Pro versions prior to LON-AL0...

CVSS 9.3 | AI score 7.4 | EPSS 0.0099
Exploits: 0 | References: 1

CNVD
added 2017/11/02 12:0 a.m. | 1 view

Circle with Disney Denial of Service Vulnerability (CNVD-2017-33240)

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A denial of service vulnerability exists in the API daemon in Circle with Disney version 2.0.1. The vulnerability can be exploited to...

CVSS 7.8 | AI score 7.3 | EPSS 0.01482
Exploits: 2 | References: 1

BDU FSTEC
added 2017/10/26 12:0 a.m. | 3 views

The vulnerability of the REST API interface of the Cisco IOS XE operating system allows a perpetrator to bypass authentication procedures and gain access to the web interface.

The vulnerability of the REST API interface of the Cisco IOS XE operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and gain access to the web interface by sending a specially crafted API...

CVSS 10 | AI score 7.8 | EPSS 0.05124
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2017/07/27 12:0 a.m. | 1 view

4: ovirt-engine exposes cloud-init root password via REST API

It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...

CVSS 8.8 | AI score 6.8 | EPSS 0.01036
Exploits: 0 | References: 4

CNVD
added 2017/07/27 12:0 a.m. | 1 view

dayrui FineCms Cross-Site Scripting Vulnerability

dayrui FineCms is a content management system (CMS) released by the Chinese Tianrui (dayrui) program design team, developed using an MVC architecture and the PDO database interface. A cross-site scripting vulnerability exists in the controllers/api.php file in dayrui FineCms 5.0.10 and earlier versions. A...

CVSS 6.1 | AI score 6 | EPSS 0.01937
Exploits: 1 | References: 1

OSV
added 2017/06/27 4:29 p.m. | 2 views

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

CVSS 8.2 | AI score 5.8 | EPSS 0.02336
Exploits: 0 | References: 3

CNVD
added 2017/06/23 12:0 a.m. | 2 views

File upload vulnerability in finecms

FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. File upload vulnerability exists in FineCMS. A file upload vulnerability exists in the newajaxupload function in \dayrui\controllers\member\Api.php, which can be exploited by an attacker to construct da...

AI score 7.1
Exploits: 0

CNVD
added 2017/05/24 12:0 a.m. | 1 view

WordPress API Data Handling Error Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from an API data handling error vulnerability. An attacker can exploit this vulnerability to execute...

CVSS 8.6 | AI score 8.6 | EPSS 0.01775
Exploits: 0 | References: 1

CNVD
added 2017/04/21 12:0 a.m. | 2 views

Multiple Denial of Service Vulnerabilities in Linksys Smart Wi-Fi Routers

Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. Multiple denial of service vulnerabilities exist in Linksys Smart Wi-Fi Routers. They allow an unauthenticated attacker to create a denial-of-service (DoS) condition on the router that will cause the router to stop responding or reboot by sending...

AI score 7
Exploits: 0 | References: 1

CNVD
added 2017/04/17 12:0 a.m. | 2 views

IBM API Connect Command Execution Vulnerability

IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A command execution vulnerability exists in IBM API Connect. An attacker could exploit this vulnerability to execute arbitrary commands on ...

CVSS 7.5 | AI score 7.7 | EPSS 0.01495
Exploits: 0 | References: 1

OSV
added 2017/03/07 4:59 p.m. | 2 views

CVE-2016-4950

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions...

CVSS 7.5 | AI score 5.8 | EPSS 0.01589
Exploits: 1 | References: 2

OSV
added 2017/02/01 10:59 p.m. | 3 views

CVE-2016-6068

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...

CVSS 7.5 | AI score 5.8 | EPSS 0.01369
Exploits: 0 | References: 2

BDU FSTEC
added 2017/01/26 12:0 a.m. | 4 views

The vulnerability of Google Chrome browser allows a perpetrator to replace the content of the Omnibox component.

The vulnerability of the Google Chrome browser’s API extension exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to replace the content of the Omnibox component remotely...

CVSS 4.3 | AI score 7 | EPSS 0.0123
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2017/01/13 12:0 a.m. | 3 views

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system’s API is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...

CVSS 4 | AI score 6.2 | EPSS 0.04142
Exploits: 1 | References: 3

BDU FSTEC
added 2016/11/17 12:0 a.m. | 4 views

The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, allow attackers to circumvent restrictions on the execution of JavaScript APIs.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, are related to security configuration errors. Exploiting these vulnerabilities can allow a malicious actor to bypas...

CVSS 10 | AI score 7.8 | EPSS 0.05808
Exploits: 0 | References: 2 | Affected Software: 2