Path traversal

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

logstash-management-api 路径遍历漏洞

logstash-management-api is a management system interface repository by Lukas Chripko, an individual developer in Sweden. A security vulnerability exists in logstash-management-api version 2020-05-04 and earlier, which stems from an incorrect call to Flask's sendfile function that results in...

GHSA-Q9G8-9HPP-XC82 nsufficiently Protected Credentials in ActiveMQ Artemis

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing the resetUsers operation. A local attacker can use this flaw to read the...

Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from the lack of proper validation of the...

Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from the lack of proper validation of the...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVE-2021-22013

CVE-2021-22013 is a path traversal vulnerability in VMware vCenter Server’s appliance management API that could allow an unauthenticated attacker with network access to port 443 to read arbitrary files, leading to information disclosure. Affected software is vCenter Server; root cause is improper...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

Shopware Information Disclosure Vulnerability

Shopware is an open source e-commerce platform. An information disclosure vulnerability exists in Shopware versions prior to 6.4.1.1. An attacker can exploit the vulnerability to expose internal hidden fields via the Management API when loading multiple references in an association...

Amazon Linux 2 : qemu (ALAS-2021-1671)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1671 advisory. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of- bounds read access and...

IBM Cognos Analytics 授权问题漏洞

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A command execution vulnerabili...

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

foreman: world-readable OMAPI secret through the ISC DHCP server

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability...

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

Directory traversal

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVE-2021-23357 Directory Traversal

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

Apache APISIX Trust Management Issues Vulnerability

Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . Apache APISIX suffers from a trust...

CVE-2020-25711

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

Directory Traversal

Overview github.com/TykTechnologies/tyk/gateway is a Tyk Gateway API Affected versions of this package are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The API...