CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

Cisco IoT Field Network Director 访问控制错误漏洞

Cisco IoT Field Network Director IoT-FND is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. A security vulnerability exists in Cisco IoT Field Network Director FND that stems from affected software not properly validati...

CVE-2020-26552

An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...

CVE-2020-27128

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by...

Cisco Integrated Management Controller Authorization Bypass Vulnerability

The Cisco Integrated Management Controller IMC is a baseboard management controller that provides embedded server management for Cisco UCS C-Series rackmount servers and Cisco S-Series storage servers. An authorization bypass vulnerability exists in the API endpoints of Cisco Integrated Managemen...

Cisco SD-WAN vManage Directory Traversal Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A directory traversal vulnerability exists in the application data endpoint of Cisco SD-WAN vManage. The vulnerability stems from improper validation of directory traversal character...

PT-2020-4665 · Cisco · Cisco Integrated Management Controller

Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller affected versions not specified Description: A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take...

CVE-2020-16257

Winston 1.5.4 devices are vulnerable to command injection via the API...

PT-2020-4578 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to an incorrect permissions vulnerability in the Integrations component of Magento. This could allow authenticated users with permissions to the Resource Access...

UBUNTU-CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

mysql: C API unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

GitLab Information Disclosure Vulnerability (CNVD-2020-58042)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...

cPanel cross-site scripting vulnerability (CNVD-2020-54779)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 90.0.10, which stems from self XSS that allows the...

UBUNTU-CVE-2020-13297

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint...

mysql: C API unspecified vulnerability (CPU Jan 2021)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of thi...

mysql: C API unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...

IBM API Connect Phishing Attack Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. A phishing attack vulnerability exists in IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an attacker to conduct a phishing attack by tricking the server into generating a user registration email...

CloudForms: User Impersonation in the API for OIDC and SAML

A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request...

ALEOS API Abuse Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. An API abuse vulnerability exists in the AT Command API in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which stems from a lack of length checking when processing certain user-supplied values, a...

Cisco Data Center Network Manager REST API Endpoint Input Validation Error Vulnerability

Cisco Data Center Network Manager DCNM is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An input validation error vulnerability exists in the REST API endpoint in Cisco...