CVE-2017-18669
An issue was discovered on Samsung mobile devices with N7.x software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 June 2017...
The vulnerability of the Gem owner command in the RubyGems package management system, related to the output of API responses into the standard output stream, allows a hacker to compromise data integrity.
The vulnerability of the Gem owner command in the RubyGems package management system is related to the way API responses are printed to the standard output stream. Exploiting this vulnerability allows a remote attacker to compromise data integrity by using a specially crafted escape sequence...
CVE-2020-3927
An arbitrary-file-access vulnerability exists in the ServiSign security plugin: once attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter...
The vulnerability of the API interface of the Cisco Smart Software Manager On-Prem administration license management software allows a perpetrator to trigger a service failure.
The vulnerability of the API interface of the Cisco Smart Software Manager On-Prem administration license software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability in the matching functions of JavaScript in Firefox browsers, Firefox ESR, and the Thunderbird email client allows a hacker to trigger a service failure.
The vulnerability of the compatibility functions in JavaScript-based browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to a lack of mechanisms for checking input data. Exploiting this vulnerability can allow an attacker to cause service failures during API...
CVE-2019-13025
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to a backend API endpoint of the cable mod...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
DEBIAN-CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
Cat Runner Decorate Home for Android Input Validation Error Vulnerability
Cat Runner Decorate Home for Android is a parkour game based on the Android platform. An input validation error vulnerability exists in the application API of Cat Runner Decorate Home version 2.8.0 for Android, which can be exploited by an attacker to modify the application data and obtain more...
openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...
UBUNTU-CVE-2018-18837
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
DEBIAN-CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
CVE-2019-8393
HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...
CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...
SonarSource SonarQube Information Disclosure Vulnerability
SonarSource SonarQube is an open source code quality management platform from SonarSource Switzerland. The platform can detect code quality from seven dimensions, and supports a variety of programming languages through plug-ins, including Java, C, C/C++ and other code quali...
Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...
The vulnerability of the API components of Sun ZFS Storage Appliance Kit allows a hacker to gain full control over the application.
The vulnerability of the API framework components of the Sun ZFS Storage Appliance Kit AK is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application by using network protocols...
Lenovo XClarity Administrator Parameter Injection Vulnerability
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...
CVE-2018-11060
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2...