MediaTek vow Security Vulnerability
MediaTek vow is an application chip from MediaTek, China. It provides optimized platform size and power consumption. A security vulnerability exists in MediaTek vow that stems from undefined behavior due to API misuse. This could result in a local privilege escalation that requires system executi...
CVE-2022-20921
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator MSO could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Foreman Security Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and reporting status. Foreman has a security vulnerability that stems from an identified credential leak, which exposes Azure...
Johnson Controls Metasys ADS/ADX/OAS Servers Access Control Error Vulnerability
Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. An access control error vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS versions 10 and 11, which stems from the fact that under certain circumstances, an unauthenticated user c...
CVE-2022-29097
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in the Device API. A remote attacker could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...
GHSA-MJ8V-773W-5QHJ Mattermost Server allows System Admin to modify LDAP account names and email addresses
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account...
UniverSIS-students Information Disclosure Vulnerability
UniverSIS-students is the interface for all student interactions in UniverSIS. An information disclosure vulnerability exists in UniverSIS-students prior to version 1.5.0, which stems from a lack of sensitive information protection in /api/students/me/courses/. An attacker can use this...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4992 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4992 Source advisory: OSV:GHSA-JCMH-X32V-7MGF...
TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...
UniverSIS UniverSIS-API SQL Injection Vulnerability
UniverSIS UniverSIS-API is a student information system architecture interface. A remote attacker could use this vulnerability to retrieve personal information or change grades by sending a crafted SQL statement...
Vulnerability in the API component of the Node.js software platform that allows attackers to compromise data integrity
The vulnerability in the API component of the Node.js software platform is related to insufficient checking of the rejectUnauthorized value. Exploiting this vulnerability allows an attacker to compromise data integrity...
PT-2022-2355 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to insufficient API authorization checking on the underlying operating system of the History API in Cisco SD-WAN vManage Software. This could allo...
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
CVE-2022-23730
A public API error allows an attacker to bypass API access control...
FreeTAKServer-UI Information Disclosure Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the JavaScript source code, which can be exploited by an attacker to cause a...
Airspan Mmp Security Vulnerability
Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks U.S.A. An authorization issue vulnerability exists in Airspan Networks Mmp, which could be exploited by attackers to access these API routes and enable remot...
treq Information Disclosure Vulnerability
treq is an advanced Twisted HTTP client API. An information disclosure vulnerability exists in treq, which could allow an attacker to obtain sensitive information...
CVE-2022-21377
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web API. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...