Unauthorized Access Vulnerability in Jingyun Network Antivirus System

Jingyun Network Antivirus System is a new generation of enterprise-level anti-virus security protection software launched by T&S Leader. KingCloud Network Antivirus System has an unauthorized access vulnerability, which can be exploited by attackers to directly access the api to obtain sensitive...

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

UBUNTU-CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system exists due to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...

CVE-2019-16029

A vulnerability in the application programming interface API of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service DoS condition of the web interface. The...

CVE-2019-16513

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. CSRF can be used to send API requests...

IBM API Connect Weak Encryption Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version 2018.4.1.7 that stems from the...

The vulnerability of the Intel Graphics Driver’s API driver component allows a hacker to disclose protected information.

The vulnerability of the Intel Graphics Driver’s API driver component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to disclose protected information...

The vulnerability of the Intel Graphics Driver’s API driver component allows a hacker to trigger a service failure.

The vulnerability of the Intel Graphics Driver’s API driver component exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the REST API interface of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the REST API interface of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network Manager EPNM software for managing network services, is related to insufficient validation of input data. Exploiting...

The vulnerability of the Firefox browser’s API component, which allows a hacker to replace the user interface

The vulnerability of the Firefox browser’s API is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to replace the user interface using a specially crafted title parameter...

The vulnerability of Modicon microprogrammed control devices relates to the use of REST API commands for reading registers, which allows attackers to disclose sensitive information.

The vulnerability of Modicon microprogrammed controllers relates to the use of read commands from the REST API registers. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

foreman: authorization bypasses in foreman-tasks leading to information disclosure

An authentication bypass vulnerability was discovered in Foreman. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover ...

The vulnerability of the software for implementing the hypertext environment MediaWiki, related to the transmission of invalid headers in the API, allows a violator to cause a service failure.

The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the transmission of invalid headers in the API. Exploiting this vulnerability could allow a malicious actor to cause service failures...

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVE-2019-17375

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated SEC-517...

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

Vulnerability in the container of Cisco REST API virtual services for the Cisco IOS XE operating system, which allows a perpetrator to gain access to the target system with administrator privileges

The vulnerability in the container of Cisco’s API virtual services for operating systems running on Cisco IOS XE is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to the target system with administrator privileges by...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2019-34770)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

CVE-2019-5634

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy BLE from the mobile application are logged in...