123 matches found

ATTACKERKB
added 2022/07/06 4:0 p.m. · 2 views

CVE-2022-20791

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote...

CVSS 6.5 · AI score 6.8 · EPSS 0.00512
Exploits 0 · References 2
Positive Technologies
added 2022/01/22 12:0 a.m. · 2 views

PT-2022-3945 · Unknown · Control Web Panel

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107
Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...

CVSS 10 · AI score 9.6 · EPSS 0.88501
Exploits 2 · References 11
NVD
added 2021/10/05 2:15 p.m. · 11 views

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVSS 4.3 · EPSS 0.00123
Exploits 0 · References 3
Debian CVE
added 2021/10/05 1:41 p.m. · 18 views

CVE-2021-39870

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00123
Exploits 0
Cvelist
added 2021/10/05 1:41 p.m. · 12 views

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVSS 4.3 · AI score 5 · EPSS 0.00123
Exploits 0 · References 3
Positive Technologies
added 2021/10/05 12:0 a.m. · 2 views

PT-2021-22735 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 and later
Description: The issue is related to an insecure direct object reference vulnerability. An endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the...

CVSS 4.3 · AI score 4.1 · EPSS 0.00245
Exploits 0 · References 11
BDU FSTEC
added 2021/09/15 12:0 a.m. · 1 views

The vulnerability of the password change interface of the Cisco Connected Mobile Experiences (CMX) software allows a hacker to bypass security mechanisms.

The vulnerability of the Cisco Connected Mobile Experiences CMX password change interface is related to deficiencies in the management of registration data. Exploiting this vulnerability could allow a malicious actor to bypass security measures through a specially created API request...

CVSS 5 · AI score 5.5 · EPSS 0.00115
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/11/23 7:15 p.m. · 1 views

CVE-2020-7927

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

CVSS 6.5 · AI score 5.8 · EPSS 0.00554
Exploits 0 · References 1
OSV
added 2020/07/02 1:15 p.m. · 2 views

CVE-2020-7820

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contains a vulnerability that could allow a remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC...

CVSS 9.8 · AI score 7.8
Exploits 0 · References 2
OSV
added 2020/02/03 11:15 a.m. · 1 views

CVE-2020-3926

An arbitrary-file-access vulnerability exists in the ServiSign security plugin; as long as the attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 2
NVD
added 2020/02/03 11:15 a.m. · 9 views

CVE-2020-3927

An arbitrary-file-access vulnerability exists in the ServiSign security plugin; as long as the attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter...

CVSS 8.5 · AI score 8.3 · EPSS 0.00411
Exploits 0 · References 2
Prion
added 2020/02/03 11:15 a.m. · 10 views

Improper access control

An arbitrary-file-access vulnerability exists in the ServiSign security plugin; as long as the attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter...

CVSS 8.5 · AI score 7.6 · EPSS 0.00411
Exploits 0 · References 2 · Affected Software 1
OSV
added 2017/01/06 9:59 p.m. · 2 views

CVE-2016-4304

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in local denial of service. An attacker can run progra...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 4
Prion
added 2015/01/14 11:59 a.m. · 19 views

Code injection

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...

CVSS 5 · AI score 6.8 · EPSS 0.01542
Exploits 0 · References 16 · Affected Software 3
OSV
added 2015/01/14 12:0 a.m. · 1 views

UBUNTU-CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...

CVSS 5 · AI score 6.9 · EPSS 0.01542
Exploits 0 · References 4
UbuntuCve
added 2015/01/14 12:0 a.m. · 30 views

CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...

CVSS 5 · AI score 6.9 · EPSS 0.01542
Exploits 0 · References 3
Prion
added 2014/11/26 3:59 p.m. · 9 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN...

CVSS 6.8 · AI score 8.6 · EPSS 0.00234
Exploits 1 · References 5 · Affected Software 1
Prion
added 2014/09/19 10:55 a.m. · 24 views

Null pointer dereference

IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments...

CVSS 10 · AI score 7.7 · EPSS 0.00962
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2014/09/19 10:0 a.m. · 28 views

CVE-2014-4376

IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments...

AI score 7.6 · EPSS 0.00962
Exploits 0 · References 5
NVD
added 2014/09/18 10:55 a.m. · 15 views

CVE-2014-4389

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments...

CVSS 9.3 · AI score 7 · EPSS 0.01478
Exploits 2 · References 11