CVE-2020-17520
Pulsar Manager 0.1.0 is affected. The issue allows bypassing the admin/permission verification by crafting special URLs, enabling access to any HTTP API. Root cause is bypassing the privilege validation mechanism. The connected documents do not provide exploit details, affected versions beyond 0....
CVE-2020-17520
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin/permission verification mechanism by constructing special URLs, thereby accessing any HTTP API...
CVE-2020-9049
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...
CVE-2020-9049 victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...
Open-Xchange: XSS - Calendar - Unescaped common name of appointment participant
There is this function to get the participant's name: javascript // frontend/ui/apps/io.ox/participants/chronos-views.js getDisplayName: function (model, options) { options = options || {}; var dn = model.get('contact') ? contactsUtil.getFullName(model.get('contact'), options.asHtml) : model.get('cn'); // 'email...
CVE-2020-13941
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.html#http-api-commands-for-the-replicationhandler allows the commands backup, restore and deleteBackup. Each of these takes a...
CVE-2020-13941
CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...
Command injection
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...
CVE-2020-13250
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4...
CVE-2020-13250
CVE-2020-13250 affects HashiCorp Consul and Consul Enterprise, where an HTTP API (1.2.0) and DNS (1.4.3) caching feature could be abused to cause a denial of service. The vulnerability is fixed in Consul 1.6.6 and Consul Enterprise 1.7.4. The provided connected documents confirm the core impact (...
PT-2020-13397 · Hashicorp · Hashicorp Consul
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul versions 1.2.0 through 1.6.5; HashiCorp Consul versions 1.4.3 through 1.7.3. Description: The issue is related to a denial of service vulnerability in the HTTP API and DNS caching feature of HashiCorp Consul and Consul...
RHEL 8 : grafana (RHSA-2020:1659)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1659 advisory. Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgrad...