1388 matches found

OSV
added 2021/10/22 12:15 p.m. · 0 views

CVE-2021-38471

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...

CVSS 9.1 · AI score 5.8 · EPSS 0.00219
Exploits: 0 · References: 1

Positive Technologies
added 2021/10/22 12:0 a.m. · 1 views

PT-2021-22137 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified
Description: The issue concerns the product's failure to properly control resource allocation. This could allow a user to allocate unlimited memory buffers by utilizing API functions.
Recommendations: A...

CVSS 8.1 · AI score 7.8 · EPSS 0.00206
Exploits: 0 · References: 4

CNNVD
added 2021/10/21 12:0 a.m. · 1 views

Delta Electronics DiaLink cross-site scripting vulnerability

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

CVSS 5.5 · AI score 5.7 · EPSS 0.00492
Exploits: 0 · References: 5

CNNVD
added 2021/10/21 12:0 a.m. · 1 views

Delta Electronics DiaLink cross-site scripting vulnerability

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

CVSS 5.5 · AI score 5.7 · EPSS 0.0042
Exploits: 0 · References: 5

OSV
added 2021/10/20 11:17 a.m. · 2 views

AZL-6708 CVE-2021-35597 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

CVSS 6.5 · AI score 6.7 · EPSS 0.00479
Exploits: 0 · References: 1

OSV
added 2021/10/20 11:17 a.m. · 4 views

UBUNTU-CVE-2021-35597

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

CVSS 6.5 · AI score 6.7 · EPSS 0.00479
Exploits: 0 · References: 4

CNNVD
added 2021/10/19 12:0 a.m. · 1 views

AUVESY Versiondog resource management error vulnerability

AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. A resource management error vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to allocate unlimited memory buffers using API functions...

CVSS 8.1 · AI score 5.6 · EPSS 0.00206
Exploits: 0 · References: 5

OSV
added 2021/10/15 1:15 p.m. · 0 views

CVE-2021-38431

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users...

CVSS 4.3 · AI score 5.7
Exploits: 0 · References: 1

CNNVD
added 2021/10/07 12:0 a.m. · 1 views

Zammad information disclosure vulnerability

Zammad is an open source web-based help desk/customer support system. Versions prior to Zammad 4.1.1 are vulnerable to information disclosure. An attacker could exploit the vulnerability to obtain sensitive information via the REST API...

CVSS 7.5 · AI score 7.3 · EPSS 0.00322
Exploits: 0 · References: 2

Positive Technologies
added 2021/10/06 12:0 a.m. · 2 views

PT-2021-5118 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine affected versions not specified
Description: The issue is related to insufficient input validation for specific API endpoints in the REST API of Cisco Identity Services Engine. This could allow a remote attacker...

CVSS 9.3 · AI score 8.1 · EPSS 0.00146
Exploits: 0 · References: 5

OSV
added 2021/10/05 2:15 p.m. · 0 views

UBUNTU-CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

CVSS 4.3 · AI score 5.8 · EPSS 0.00245
Exploits: 0 · References: 5

OSV
added 2021/10/05 1:15 p.m. · 0 views

UBUNTU-CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

CVSS 6.5 · AI score 5.8 · EPSS 0.00215
Exploits: 0 · References: 5

Positive Technologies
added 2021/10/05 12:0 a.m. · 2 views

PT-2021-22722 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 and later
Description: The issue allows an attacker to see pending invitations of any public group or public project by visiting a specific "API endpoint".
Recommendations: For GitLab CE/EE versions 13.6 and later,...

CVSS 5.3 · AI score 5 · EPSS 0.00299
Exploits: 0 · References: 12

CNNVD
added 2021/09/21 12:0 a.m. · 1 views

VMware vCenter Server information disclosure vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. VMware vCenter Server is vulnerab...

CVSS 7.5 · AI score 8 · EPSS 0.00688
Exploits: 0 · References: 10

CNNVD
added 2021/09/20 12:0 a.m. · 2 views

WordPress plugin path traversal vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The OMGF WordPress plugin suffers from a path...

CVSS 9.1 · AI score 8.4 · EPSS 0.04314
Exploits: 2 · References: 2

OSV
added 2021/09/07 5:15 p.m. · 1 views

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...

CVSS 9.8 · AI score 7.6 · EPSS 0.94424
Exploits: 8 · References: 4

Positive Technologies
added 2021/09/07 12:0 a.m. · 2 views

PT-2021-22451 · Capture · Capture

Name of the Vulnerable Software and Affected Versions: pcapture versions prior to 3.12
Description: The issue allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is significant because...

CVSS 7.7 · AI score 6.1 · EPSS 0.00281
Exploits: 0 · References: 7

CNNVD
added 2021/08/27 12:0 a.m. · 2 views

Misskey cross-site scripting vulnerability

Misskey is a micro-blogging platform. A cross-site scripting vulnerability exists in versions of Misskey prior to 12.51.0, which stems from a built-in dialog box in the Web client that does not validate and escape user input. An attacker could display a malicious string in the dialog box and use ...

CVSS 8 · AI score 5.2 · EPSS 0.0032
Exploits: 0 · References: 3

OSV
added 2021/08/25 8:15 p.m. · 2 views

CVE-2021-1580

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see t...

CVSS 7.2 · AI score 5.8 · EPSS 0.01859
Exploits: 0 · References: 1

Positive Technologies
added 2021/08/25 12:0 a.m. · 2 views

PT-2021-4957 · Cisco · Cisco Apic +1

Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) affected versions not specified
Description: A vulnerability in the API endpoint of the affected systems could all...

CVSS 9.1 · AI score 9.2 · EPSS 0.00495
Exploits: 0 · References: 5