175 matches found

CVE
added 2020/05/15 4:14 p.m. | 88 views

CVE-2020-12834

The Red Hat CVE record confirms CVE-2020-12834 affects eQ-3 Homematic CCU2 (version 2.51.6 and earlier) and CCU3 (version 3.51.6 and earlier). The vulnerability enables Remote Code Execution via the JSON API method ReGa.runScript due to the default auto-login feature being enabled during initial ...

9.8 CVSS | 9.6 AI score | 0.45806 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/05/15 4:14 p.m. | 13 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8 AI score | 0.45806 EPSS
Exploits: 1 | References: 1
OSV
added 2020/04/15 3:45 p.m. | 1 view

DRUPAL-CONTRIB-2020-010

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are...

6.4 AI score
Exploits: 0 | References: 1
Drupal
added 2020/04/15 12:0 a.m. | 6 views

JSON:API - Critical - Unsupported - SA-CONTRIB-2020-010

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are...

5.6 AI score
Exploits: 0 | References: 9
OpenVAS
added 2020/03/17 12:0 a.m. | 28 views

Fedora: Security Advisory for couchdb (FEDORA-2020-73bd8167a0)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2 AI score
Exploits: 0 | References: 2
Fedora
added 2020/03/16 8:49 p.m. | 31 views

[SECURITY] Fedora 32 Update: couchdb-3.0.0-1.fc32

Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...

9 CVSS | 2.7 AI score | 0.18236 EPSS
Exploits: 18
NVD
added 2020/02/21 4:15 p.m. | 12 views

CVE-2019-19866

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

7.5 CVSS | 7.5 AI score | 0.00526 EPSS
Exploits: 0 | References: 2
OSV
added 2020/02/21 4:15 p.m. | 0 views

CVE-2019-19866

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

7.5 CVSS | 7.2 AI score | 0.00526 EPSS
Exploits: 0 | References: 2
Prion
added 2020/02/21 4:15 p.m. | 14 views

Design/Logic Flaw

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

5 CVSS | 7.5 AI score | 0.00526 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2020/02/21 3:22 p.m. | 87 views

CVE-2019-19866

CVE-2019-19866 affects Atos Unify OpenScape UC Web Client: OpenScape UC Web Client V9 before R4.31.0 and V10 before R0.6.0 are vulnerable. An attacker can enumerate all scheduled conferences by iterating conferenceId in the JSON API getMailFunction, exposing conference numbers and access PINs. Th...

7.5 CVSS | 7.4 AI score | 0.00526 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/02/21 3:22 p.m. | 19 views

CVE-2019-19866

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

7.5 AI score | 0.00526 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2020/01/15 12:0 a.m. | 41 views

openSUSE Security Update : proftpd (openSUSE-2020-31)

This update for proftpd fixes the following issues : - GeoIP has been discontinued by Maxmind boo1156210 This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...

9.8 CVSS | 6.6 AI score | 0.78507 EPSS
Exploits: 21 | References: 13
OPENSUSE Linux
added 2020/01/13 12:0 a.m. | 62 views

Security update for proftpd (moderate)

openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2020:0031-1 Rating: moderate References: 1113041 1144056 1154600 1155834 1156210 1157798 1157803 Cross-References: CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 Affected Products: openSU...

9.8 CVSS | 6.7 AI score | 0.78507 EPSS
Exploits: 21 | References: 7
Prion
added 2019/10/21 12:15 a.m. | 14 views

Information disclosure

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request...

4 CVSS | 7.3 AI score | 0.06568 EPSS
Exploits: 5 | References: 4 | Affected Software: 1
NVD
added 2019/08/14 9:15 p.m. | 11 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and delete Metadata...

9.8 CVSS | 9.5 AI score | 0.00448 EPSS
Exploits: 1 | References: 2
Prion
added 2019/08/14 9:15 p.m. | 15 views

Improper access control

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and delete Metadata...

7.5 CVSS | 9.3 AI score | 0.00448 EPSS
Exploits: 1 | References: 2 | Affected Software: 2
Cvelist
added 2019/08/14 8:10 p.m. | 14 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and delete Metadata...

9.5 AI score | 0.00448 EPSS
Exploits: 1 | References: 2
CVE
added 2019/08/14 8:10 p.m. | 40 views

CVE-2019-9585

CVE-2019-9585 affects eQ-3 Homematic CCU2 (before 2.47.10) and CCU3 (before 3.47.10). The JSON API has improper access control, enabling metadata read, set, and delete operations via the interface. ROOT CAUSE: insufficient access restrictions on the JSON API. IMPACT: potential disclosure and modi...

9.8 CVSS | 9.3 AI score | 0.00448 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2019/08/14 12:0 a.m. | 1 view

eQ-3 HomeMatic CCU2 and eQ-3 Homematic CCU3 Access Control Error Vulnerabilities

The eQ-3 Homematic CCU3 and the eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. An access control error vulnerability exists in the JSON API in the eQ-3 Homematic CCU2 version prior to 2.47.10 and the eQ-3 Homematic CCU3 version prior to 3.47.10, whic...

9.8 CVSS | 6.8 AI score | 0.00448 EPSS
Exploits: 1 | References: 1
NVD
added 2019/08/01 4:15 p.m. | 16 views

CVE-2016-10843

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API SEC-76...

8.1 CVSS | 8.3 AI score | 0.00926 EPSS
Exploits: 0 | References: 1