Unspecified Vulnerability in Google API C++ Client

Google API C++ Client is a C++-based Google API client library from Google USA. An unspecified vulnerability exists in versions of Google API C++ Client prior to 2019-04-10. An attacker can exploit this vulnerability to cause a denial of service...

CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284...

Blogifier design flaws

Blogifier is a lightweight open source blog system written using ASP.NET Core . Blogifier 2.3 prior to 2019-05-11 fails to restrict the API properly, as shown by the lack of a check in the pathname for... The check shown in the...

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

rubygems: Escape sequence injection vulnerability in gem owner

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

PT-2019-19434 · Nagios · Nagios Xi +1

Name of the Vulnerable Software and Affected Versions: Nagios IM versions prior to 2.2.7 Description: The issue allows for authorization bypass in Nagios IM, a component of Nagios XI, enabling the closure of incidents via the API. Recommendations: For versions prior to 2.2.7, update to version...

[SECURITY] Fedora 28 Update: cfitsio-3.430-2.fc28

CFITSIO is a library of C and FORTRAN subroutines for reading and writing data files in FITS Flexible Image Transport System data format. CFITSIO simplifies the task of writing software that deals with FITS files by providing an easy to use set of high-level routines that insulate the programmer...

Simplifying Security Configuration: A UX Revamp Retrospective

With the March 2019 Release update, the Security Configuration User Interface UI evolution is now complete, and we hope it integrates more seamlessly into your online business. Over time, Akamai has added new products, features, and functionality to its security solutions to protect your web...

CVE-2019-1645

A vulnerability in the Cisco Connected Mobile Experiences CMX software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected...

IBM API Connect Privilege Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. An elevation of privilege vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.4,...

Battelle V2I Hub SQL Injection Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A SQL injection vulnerability exists in Battelle V2I Hub version...

PT-2018-16792 · Veraport · Veraport G3

Name of the Vulnerable Software and Affected Versions: Veraport G3 ALL on MacOS affected versions not specified Description: A race condition exists when calling the Veraport API, allowing a remote attacker to cause arbitrary file download and execution, resulting in remote code execution...

CVE-2018-19413

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the...

jenkins: Reflected XSS vulnerability

A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...

Nagios XI Unauthorized API Key Regeneration Vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. Nagios XI 5.5.6 suffers from an unauthorized API key regeneration vulnerability. A remote authenticated attacker can exploit this...

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Request Forgery Vulnerability

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...

foreman: Ovirt admin password exposed by foreman API

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource...

CVE-2018-17283

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

Backdoor Vulnerability in NUUO NVRMini2

NUUO is one of the surveillance solution providers and NUUO NVRMini 2 is the NVR solution with NAS functionality. A backdoor vulnerability exists in NUUO NVRMini 2. When a specific file /tmp/moses/ exists in the file system of the target device, the backdoor will be opened, and any unauthorized...

Microweber Cross-Site Request Forgery Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site request forgery vulnerability exists in Microweber version 1.0.7. A remote...