Lucene search

123 matches found

CNNVD
added 2023/12/21 12:00 a.m., 0 views

GitHub Enterprise Server Authorization Issues Vulnerability

GitHub Enterprise Server is an open source application from the U.S. company GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.9.7, prior ...

CVSS 7.5, AI score 6.8, EPSS 0.00156
Exploits: 0, References: 4
Prion
added 2023/11/14 6:15 p.m., 19 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows an attacker to...

CVSS 7.5, AI score 7.9, EPSS 0.02727
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2023/11/14 12:00 a.m., 1 views

Fortinet FortiSIEM Security Vulnerability

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from a command execution vulnerability that stem...

CVSS 9.8, AI score 7.4, EPSS 0.02727
Exploits: 0, References: 3
CNNVD
added 2023/10/25 12:00 a.m., 1 views

Lenovo XClarity Controller Security Vulnerability

Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo of China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller, which stems from the fact that an authenticated XCC user with read-only...

CVSS 8.1, AI score 6.8, EPSS 0.00117
Exploits: 0, References: 2
CVE
added 2023/10/24 8:25 p.m., 55 views

CVE-2023-4607

CVE-2023-4607 describes a vulnerability in Lenovo XClarity Controller (XCC): an authenticated XCC user can leverage a crafted API command to change the permissions of any user, effectively gaining elevated privileges. The issue is documented across multiple sources (Lenovo LEN-140960 reference; R...

CVSS 8.8, AI score 8.4, EPSS 0.00125
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/10/24 8:25 p.m., 8 views

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command...

CVSS 7.5, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 1
Positive Technologies
added 2023/10/24 12:00 a.m., 1 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3
Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.
Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2, AI score 7.2, EPSS 0.00095
Exploits: 0, References: 4
Cvelist
added 2023/10/10 4:50 p.m., 25 views

CVE-2023-34992

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10, AI score 10, EPSS 0.77157
Exploits: 1, References: 1
Vulnrichment
added 2023/06/26 7:45 p.m., 13 views

CVE-2023-34420

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...

CVSS 7.2, AI score 7, EPSS 0.00415
Exploits: 0, References: 1
Vulnrichment
added 2023/06/26 7:44 p.m., 16 views

CVE-2023-2993

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...

CVSS 5.4, AI score 7.1, EPSS 0.00106
Exploits: 0, References: 1
NVD
added 2023/05/01 3:15 p.m., 10 views

CVE-2023-0683

A valid, authenticated XCC user with read-only access may gain elevated privileges through a specifically crafted API call...

CVSS 8.8, AI score 8.4, EPSS 0.0057
Exploits: 0, References: 1
Prion
added 2023/04/28 2:15 a.m., 14 views

Design/Logic Flaw

IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the...

CVSS 2.1, AI score 5.1, EPSS 0.00398
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2023/04/28 12:00 a.m., 1 views

IBM Safer Payments Security Vulnerability

IBM Safer Payments is the first true payment processing cognitive fraud prevention solution from IBM USA. It helps clients create customized, user-friendly decision models. A security vulnerability exists in IBM Safer Payments that stems from parsing specially crafted API calls that could lead to a...

CVSS 5.3, AI score 5.7, EPSS 0.00398
Exploits: 0, References: 3
Veracode
added 2023/04/10 2:10 a.m., 34 views

Server-side Request Forgery (SSRF)

openapi-generator is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists due to improper validation in the /api/gen/clients/language path, allowing an attacker to access network resources and sensitive information via a crafted API request...

CVSS 9.1, AI score 8.4, EPSS 0.00274
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2023/03/31 8:15 p.m., 16 views

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVSS 9.1, AI score 9.2
Exploits: 0, References: 4
Vulnrichment
added 2023/03/31 12:00 a.m., 3 views

CVE-2023-27163

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

AI score 6.3, EPSS 0.9332
Exploits: 29, References: 6
NVD
added 2022/11/17 5:15 p.m., 8 views

CVE-2022-43138

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API...

CVSS 9.8, EPSS 0.00324
Exploits: 1, References: 1
OSV
added 2022/11/17 5:15 p.m., 3 views

UBUNTU-CVE-2022-43138

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API...

CVSS 9.8, AI score 5.8, EPSS 0.00324
Exploits: 1, References: 3
CNNVD
added 2022/11/17 12:00 a.m., 1 views

Dolibarr ERP/CRM Security Vulnerability

Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders and more. A security vulnerability exists in Dolibarr ERP/CRM versions...

CVSS 9.8, AI score 8.2, EPSS 0.00324
Exploits: 1, References: 2
ATTACKERKB
added 2022/07/19 8:15 p.m., 2 views

CVE-2022-34534

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call...

CVSS 7.5, AI score 5.9, EPSS 0.28876
Exploits: 0, References: 3