IBM API Connect Input Validation Error Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect. An attacker could exploit thi...

CVE-2017-18444

cPanel before 64.0.21 allows demo accounts to execute SSH API commands SEC-248...

CVE-2018-20905

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction SEC-429...

The vulnerability of the REST API interface of the Cisco Vision Dynamic Signage Director system allows a hacker to bypass authentication procedures and execute arbitrary code with administrator privileges.

The vulnerability of the REST API interface of the Cisco Vision Dynamic Signage Director system is related to errors in handling HTTP requests. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code with administrator privileges using...

UBUNTU-CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

The vulnerability of D-Link DIR-823G router’s microprogram code, related to access control errors, allows a hacker to intercept the DNS service configuration.

The vulnerability of D-Link DIR-823G router’s microprogram code is related to access control errors. Exploiting this vulnerability allows a malicious actor to intercept DNS service configurations through the API interface using the SetWanSettings function...

libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients

It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would...

CVE-2019-1906

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure PI could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could...

DEBIAN-CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...

Unspecified Vulnerability in Google API C++ Client

Google API C++ Client is a C++-based Google API client library from Google USA. An unspecified vulnerability exists in versions of Google API C++ Client prior to 2019-04-10. An attacker can exploit this vulnerability to cause a denial of service...

The vulnerability of the Elastic Services Controller’s network management mechanism, related to errors in API request validation, allows a perpetrator to bypass authentication procedures and execute arbitrary code.

The vulnerability of the Elastic Services Controller’s network management interface is related to errors in checking API requests. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code by sending a specially crafted request to the RE...

Blogifier design flaws

Blogifier is a lightweight open source blog system written using ASP.NET Core . Blogifier 2.3 prior to 2019-05-11 fails to restrict the API properly, as shown by the lack of a check in the pathname for... The check shown in the...

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

rubygems: Escape sequence injection vulnerability in gem owner

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

PT-2019-19434 · Nagios · Nagios Xi +1

Name of the Vulnerable Software and Affected Versions: Nagios IM versions prior to 2.2.7 Description: The issue allows for authorization bypass in Nagios IM, a component of Nagios XI, enabling the closure of incidents via the API. Recommendations: For versions prior to 2.2.7, update to version...

Simplifying Security Configuration: A UX Revamp Retrospective

With the March 2019 Release update, the Security Configuration User Interface UI evolution is now complete, and we hope it integrates more seamlessly into your online business. Over time, Akamai has added new products, features, and functionality to its security solutions to protect your web...

CVE-2019-1645

A vulnerability in the Cisco Connected Mobile Experiences CMX software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected...

IBM API Connect Privilege Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. An elevation of privilege vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.4,...

Battelle V2I Hub SQL Injection Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A SQL injection vulnerability exists in Battelle V2I Hub version...