1503 matches found
4: ovirt-engine exposes cloud-init root password via REST API
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...
CVE-2017-1322
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...
File upload vulnerability in FineCMS
FineCMS is a small and medium-sized content management system based on the PHP+MySql+CI framework. A file upload vulnerability exists in the newajaxupload function in \dayrui\controllers\member\Api.php, which can be exploited by an attacker to construct da...
WordPress API Data Handling Error Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports personal blog sites on servers with PHP and MySQL. WordPress suffers from an API data handling error vulnerability. An attacker can exploit this vulnerability to execute...
Multiple Denial of Service Vulnerabilities in Linksys Smart Wi-Fi Routers
Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. Multiple denial of service vulnerabilities exist in Linksys Smart Wi-Fi Routers. They allow an unauthenticated attacker to create a denial-of-service (DoS) condition on the router that will cause the router to stop responding or reboot by sending...
IBM API Connect Command Execution Vulnerability
IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A command execution vulnerability exists in IBM API Connect. An attacker could exploit this vulnerability to execute arbitrary commands on ...
CVE-2016-4950
Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
The vulnerability of Google Chrome browser allows a perpetrator to replace the content of the Omnibox component.
The vulnerability of the Google Chrome browser’s API extension exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to replace the content of the Omnibox component remotely...
The vulnerability of Google Chrome browser allows a violator to compromise the confidentiality of information.
The vulnerability of the Google Chrome browser’s API extension is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality of information through a specially created HTML page...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows operating system’s API is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, allow attackers to circumvent restrictions on the execution of JavaScript APIs.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, are related to security configuration errors. Exploiting these vulnerabilities can allow a malicious actor to bypas...
The vulnerability of the Android operating system allows a perpetrator to obtain confidential information or circumvent existing access restrictions.
The vulnerability of the Camera API application of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions or obtain confidential information about buffer addresses using ...
Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2016-06424)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure hole exists in the...
foreman: API and UI actions/URLs not limited to the orgs/locations assigned
It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to...
IBM API Connect and NPM Remote Information Disclosure Vulnerability
IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A security vulnerability exists in IBM API Connect and NPM that allows remote attackers to submit special requests to obtain sensiti...
Foreman API and UI Privilege Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A privilege escalation vulnerability exists in the Foreman API and UI. When a restricted user from a specif...
The vulnerabilities in Acrobat software allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in the Acrobat API due to access to unmapped memory. Exploiting this vulnerability allows attackers to execute arbitrary code by using API calls...
NTT Broadband Platform Japan Connected-free Wi-Fi for Android and iOS Arbitrary API Execution Vulnerability
NTT Broadband Platform Japan Connected-free Wi-Fi for Android and iOS is a suite of Android and iOS-based applications from NTT Broadband Platform Japan for finding and automatically connecting to nearby free Wi-Fi in Japan...
Red Hat Satellite SQL Injection Vulnerability
Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in the 'sortby' and 'sortorder' parameters...