454 matches found

Cvelist
added 2020/03/27 2:25 p.m., 18 views

CVE-2020-8551 Kubernetes kubelet denial of service

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...

CVSS 4.3 | AI score 6.5 | EPSS 0.00176
Exploits 0 | References 4
NVD
added 2020/02/13 8:15 p.m., 10 views

CVE-2015-3309

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete...

CVSS 7.5 | AI score 7.5 | EPSS 0.00433
Exploits 0 | References 3
Prion
added 2020/02/13 8:15 p.m., 7 views

Directory traversal

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete...

CVSS 5 | AI score 7.5 | EPSS 0.03809
Exploits 0 | References 3 | Affected Software 1
CVE
added 2020/02/13 7:45 p.m., 52 views

CVE-2015-3309

The CVE-2015-3309 entry concerns Etherpad’s Minify.js (node/utils/Minify.js) with a directory traversal vulnerability in Etherpad versions 1.1.2 through 1.5.4. The root cause is an incomplete fix to CVE-2015-3297, allowing an attacker to read arbitrary files via a .. sequence in the path paramete...

CVSS 7.5 | AI score 7.5 | EPSS 0.00433
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2020/02/13 7:45 p.m., 14 views

CVE-2015-3309

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete...

AI score 7.5 | EPSS 0.00433
Exploits 0 | References 3
NVD
added 2020/02/10 3:15 p.m., 6 views

CVE-2019-20451

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. Authentication is required but an XML file containing credentials can be downloaded...

CVSS 10 | AI score 9.9 | EPSS 0.12492
Exploits 1 | References 1
Prion
added 2020/02/10 3:15 p.m., 6 views

Remote code execution

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. Authentication is required but an XML file containing credentials can be downloaded...

CVSS 10 | AI score 9.7 | EPSS 0.12492
Exploits 1 | References 1 | Affected Software 2
CVE
added 2020/02/10 2:39 p.m., 51 views

CVE-2019-20451

CVE-2019-20451 affects Prismview System 9 (11.10.17.00) and Prismview Player 11 (13.09.1100). The issue enables remote code execution by uploading a RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. Authentication is required, but an XML file with credentials can be downloaded...

CVSS 10 | AI score 9.7 | EPSS 0.12492
Exploits 1 | References 1 | Affected Software 2
Cvelist
added 2020/02/10 2:39 p.m., 11 views

CVE-2019-20451

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. Authentication is required but an XML file containing credentials can be downloaded...

AI score 9.9 | EPSS 0.12492
Exploits 1 | References 1
NCSC
added 2019/12/09 12:0 a.m., 2 views

Vulnerability fixed in Grafana

Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an unauthenticated remote malicious person to cause a denial of service. The vulnerability is located in the HTTP API. Grafana Labs has made updates available to fix the vulnerability. More information can b...

CVSS 7.5 | AI score 7.7 | EPSS 0.90928
Exploits 1
OSV
added 2019/11/05 8:15 p.m., 2 views

CVE-2019-1877

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...

CVSS 6.5 | AI score 6.7
Exploits 0 | References 1
NVD
added 2019/11/05 8:15 p.m., 7 views

CVE-2019-1877

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...

CVSS 6.5 | AI score 6.5 | EPSS 0.01282
Exploits 0 | References 1
Cvelist
added 2019/11/05 7:25 p.m., 13 views

CVE-2019-1877 Cisco Enterprise Chat and Email Attachment Download Vulnerability

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...

CVSS 6.5 | AI score 6.6 | EPSS 0.01282
Exploits 0 | References 1
RedhatCVE
added 2019/10/09 12:28 p.m., 18 views

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVSS 5 | AI score 0.3 | EPSS 0.11857
Exploits 0 | References 1
OpenVAS
added 2019/09/06 12:0 a.m., 131 views

Grafana 2.0.0 < 5.4.5, 6.x < 6.3.4 DoS Vulnerability

Grafana is prone to a denial of service vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you ca...

CVSS 7.5 | AI score 7.4 | EPSS 0.90928
Exploits 1 | References 2
NVD
added 2019/09/03 12:15 p.m., 15 views

CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana...

CVSS 7.5 | AI score 7.4 | EPSS 0.90928
Exploits 1 | References 10
OSV
added 2019/09/03 12:15 p.m., 12 views

CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 10
Prion
added 2019/09/03 12:15 p.m., 22 views

Design/Logic Flaw

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana...

CVSS 5 | AI score 7.3 | EPSS 0.90928
Exploits 1 | References 10 | Affected Software 1
UbuntuCve
added 2019/09/03 12:15 p.m., 21 views

CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana...

CVSS 7.5 | AI score 6.8 | EPSS 0.90928
Exploits 1 | References 1
Cvelist
added 2019/09/03 11:47 a.m., 20 views

CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana...

AI score 7.3 | EPSS 0.90928
Exploits 1 | References 10