1444 matches found

PyPA
added 2021/01/11 10:15 a.m. · 5 views

PYSEC-2021-876

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface...

CVSS 6.5 · AI score 7 · EPSS 0.01728
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2021/01/11 12:0 a.m. · 7 views

Apache DolphinScheduler Permission License and Access Control Issues Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation. A security vulnerability exists in Apache DolphinScheduler prior to 1.3.2, which allows normal users to override other users' passwords via the API interface...

CVSS 6.5 · AI score 6.6 · EPSS 0.01728
Exploits 0 · References 2

CNVD
added 2020/12/31 12:0 a.m. · 2 views

Tenda AC6 Denial of Service Vulnerability

Tenda AC6 is an AC1200 model intelligent dual-band WiFi router. A denial of service vulnerability exists in Tenda AC6 15.03.06.51multi. An attacker can exploit this vulnerability by sending a large HTTP POST request to the Change Password API to cause the router to crash and enter an infinite boo...

CVSS 7.8 · AI score 7 · EPSS 0.01157
Exploits 1 · References 1

CNNVD
added 2020/12/26 12:0 a.m. · 2 views

Solarwinds Orion Platform Authorization Issues Vulnerability

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user comments, and a mapped view of the entire network. The...

CVSS 9.8 · AI score 7.6 · EPSS 0.95117
Exploits 3 · References 3

BDU FSTEC
added 2020/12/18 12:0 a.m. · 3 views

The vulnerability of the REST API interface implementation of the Cisco Industrial Network Director software package allows an attacker to trigger a service failure.

The vulnerability of the REST API interface implementation of the Cisco Industrial Network Director software is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 6.8 · AI score 6.6 · EPSS 0.0114
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2020/12/03 12:0 a.m. · 4 views

Multiple vulnerabilities exist in the API subsystem of the Cisco Integrated Management Controller, a remote management device for servers. These vulnerabilities allow an attacker to execute arbitrary code.

The multiple vulnerabilities of the API subsystem of the Cisco Integrated Management Controller remote management server are related to operations that go beyond the buffer in memory. Exploitation of these vulnerabilities could allow a malicious actor to execute arbitrary code using specially...

CVSS 10 · AI score 8.6 · EPSS 0.046
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2020/12/01 12:0 a.m. · 4 views

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software, which allows a perpetrator to gain unauthorized access to protected information, enabling read, modify, or delete operations on data.

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software lies in the absence of an authentication mechanism for accessing the database. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected informatio...

CVSS 10 · AI score 7.8 · EPSS 0.02173
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2020/11/19 12:0 a.m. · 1 view

Cisco IoT Field Network Director Access Control Error Vulnerability

Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. An access control error vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. An attacker could exploit this vulnerability by sending an API request that changes the...

CVSS 5 · AI score 6.7 · EPSS 0.00747
Exploits 0 · References 1

CNVD
added 2020/11/19 12:0 a.m. · 2 views

Cisco IoT Field Network Director File Overwrite Vulnerability

Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A file overwrite vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from inadequate file system protection. An attacker can exploit the...

CVSS 6.5 · AI score 6.8 · EPSS 0.01434
Exploits 0 · References 1

CNVD
added 2020/11/19 12:0 a.m. · 3 views

Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability

Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...

CVSS 8.7 · AI score 6.6 · EPSS 0.01
Exploits 0 · References 1

OSV
added 2020/11/18 6:15 p.m. · 1 view

CVE-2020-27126

A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker...

CVSS 6.1 · AI score 6.3 · EPSS 0.01009
Exploits 0 · References 1

OSV
added 2020/11/18 6:15 p.m. · 2 views

CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVSS 6.5 · AI score 6 · EPSS 0.01434
Exploits 0 · References 1

CNNVD
added 2020/11/18 12:0 a.m. · 4 views

Cisco IoT Field Network Director Access Control Error Vulnerability

Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. A security vulnerability exists in Cisco IoT Field Network Director (FND) that stems from affected software not properly validati...

CVSS 7.5 · AI score 7.1 · EPSS 0.01528
Exploits 0 · References 3

OSV
added 2020/11/17 9:15 p.m. · 4 views

CVE-2020-26552

An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...

CVSS 7.5 · AI score 7.1 · EPSS 0.01163
Exploits 1 · References 1

OSV
added 2020/11/06 7:15 p.m. · 3 views

CVE-2020-27128

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by...

CVSS 6.5 · AI score 6.8 · EPSS 0.60785
Exploits 0 · References 1

CNVD
added 2020/11/05 12:0 a.m. · 3 views

Cisco Integrated Management Controller Authorization Bypass Vulnerability

The Cisco Integrated Management Controller (IMC) is a baseboard management controller that provides embedded server management for Cisco UCS C-Series rackmount servers and Cisco S-Series storage servers. An authorization bypass vulnerability exists in the API endpoints of Cisco Integrated Managemen...

CVSS 5.4 · AI score 6.8 · EPSS 0.00606
Exploits 0 · References 1

CNVD
added 2020/11/05 12:0 a.m. · 2 views

Cisco SD-WAN vManage Directory Traversal Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A directory traversal vulnerability exists in the application data endpoint of Cisco SD-WAN vManage. The vulnerability stems from improper validation of directory traversal character...

CVSS 7.5 · AI score 6.9 · EPSS 0.12062
Exploits 0 · References 1

Positive Technologies
added 2020/11/04 12:0 a.m. · 8 views

PT-2020-4665 · Cisco · Cisco Integrated Management Controller

Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller (affected versions not specified). Description: A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take...

CVSS 5.5 · AI score 6.9 · EPSS 0.00606
Exploits 0 · References 8

OSV
added 2020/10/28 5:15 p.m. · 1 view

CVE-2020-16257

Winston 1.5.4 devices are vulnerable to command injection via the API...

CVSS 9.8 · AI score 7.3 · EPSS 0.03651
Exploits 1 · References 2

Positive Technologies
added 2020/10/15 12:0 a.m. · 3 views

PT-2020-4578 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier. Description: The issue is related to an incorrect permissions vulnerability in the Integrations component of Magento. This could allow authenticated users with permissions to the Resource Access...

CVSS 6.4 · AI score 4.9 · EPSS 0.01682
Exploits 0 · References 10