1388 matches found
CVE-2020-3333 Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...
CVE-2020-12142
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
UBUNTU-CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...
PT-2020-13088 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9 Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...
CVE-2020-5563
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
Broadcom CA API Developer Portal Access Bypass Vulnerability
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...
Cisco UCS Director and Cisco UCS Director Express for Big Data Input Validation Error Vulnerability (CNVD-2020-25346)
Cisco UCS Director and Cisco UCS Director Express for Big Data are both products from Cisco, Inc. Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Cisco UCS Director is a heterogeneous platform for private cloud infrastructure-as-a-service IaaS. A...
Broadcom CA API Developer Portal Information Disclosure Vulnerability (CNVD-2020-25821)
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An information disclosure vulnerability exists in Broadcom CA API Developer Portal 4.3....
PT-2020-2597
Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to insufficient input validation in the Lightweight HTTP Server component of Oracle Java SE and Java SE Embedded. This can be exploit...
Argo Information Disclosure Vulnerability
Argo is an open source container native workflow engine. A security vulnerability exists in versions prior to Argo 1.5.0-rc1. An attacker can exploit the vulnerability by submitting a request to invoke the API to retrieve information...
Unspecified vulnerability in CIPPlanner CIPAce (CNVD-2020-21817)
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability by sending an API request to obtain the uplo...
Unspecified Vulnerability in CIPPlanner CIPAce
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability to obtain ETL process contents by sending a...
CVE-2020-11587
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...
CVE-2020-11586
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data...
Google Kubernetes Resource Management Error Vulnerability
Google Kubernetes is a set of open source Docker container cluster management system from the U.S. company Google Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A resource management error...
ZyXEL Cloud CNM SecuManager Unauthorized Remote Code Execution Vulnerability
Zyxel Cloud CNM SecuManager is a full-featured network management software that provides an integrated console to monitor and manage security grids, including the ZyWALLUSG and VPN series. An unauthorized remote code execution vulnerability exists in Zyxel Cloud CNM SecuManager, which can be...
SQL Injection Vulnerability in Eight Image Encryption Platforms
Eight Image Encryption Platform is designed and developed in php+mysql environment by calling the API of Eight Image Platform. There is a SQL injection vulnerability in Eight Image Encryption Platform, which can be exploited by attackers to gain database privileges...
Unauthorized Access Vulnerability in Jingyun Network Antivirus System
Jingyun Network Antivirus System is a new generation of enterprise-level anti-virus security protection software launched by T&S Leader. KingCloud Network Antivirus System has an unauthorized access vulnerability, which can be exploited by attackers to directly access the api to obtain sensitive...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...