
1400 matches found

CNVD
added 2020/07/16 12:0 a.m. · 2 views

Unspecified Vulnerability in Oracle MySQL Client

MySQL Client is a MySQL client, a program used to communicate with the server to process information in a database managed by the server. A security vulnerability exists in the C API component of Oracle MySQL Client. An attacker could exploit this vulnerability to affect availability...

5.3 CVSS · 7 AI score · 0.00788 EPSS
Exploits 0 · References 1

OSV
added 2020/07/07 3:15 p.m. · 2 views

CVE-2019-4323

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2

CNVD
added 2020/06/22 12:0 a.m. · 1 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-52022)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1 and 4.0.5. An attacker can exploit the vulnerability by adding a DEBUG line to the log with the help of the loggin...

5.3 CVSS · 6.7 AI score · 0.00195 EPSS
Exploits 0 · References 1

CNVD
added 2020/06/22 12:0 a.m. · 2 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-48235)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to gain privileges by accessing API endpoints...

9.8 CVSS · 7.1 AI score · 0.00296 EPSS
Exploits 0 · References 1

CNVD
added 2020/06/22 12:0 a.m. · 2 views

Mattermost Server Access Privilege Vulnerability

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. An attacker can exploit the vulnerability to gain access to API endpoints after a...

9.8 CVSS · 6.9 AI score · 0.00408 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/06/19 12:0 a.m. · 4 views

PT-2020-8461

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2; Mattermost Server versions prior to 3.7.5; Mattermost Server versions prior to 3.6.7. Description: An issue was discovered in Mattermost Server. After a restart of a server, an attacker might suddenly...

9.9 CVSS · 5.9 AI score · 0.00733 EPSS
Exploits 44 · References 117

CNVD
added 2020/06/18 12:0 a.m. · 2 views

Cisco UCS Director Information Disclosure Vulnerability

Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS) from Cisco. An information disclosure vulnerability exists in the REST API in Cisco UCS Director versions prior to 6.7.4.0, which stems from an API response displaying confidential information. A...

4.9 CVSS · 6.3 AI score · 0.00256 EPSS
Exploits 0 · References 1

RedHat Linux
added 2020/06/11 9:3 a.m. · 0 views

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 4

OSV
added 2020/06/08 4:15 p.m. · 2 views

CVE-2020-9042

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1

CNVD
added 2020/06/04 12:0 a.m. · 1 views

Cisco IOS XE Privilege Permission and Access Control Issues Vulnerability (CNVD-2020-31976)

Cisco IOS XE is an operating system developed by the US company Cisco for its network equipment. A privilege and access control vulnerability exists in the authorization control of the Cisco IOx application hosting infrastructure in Cisco IOS XE 16.3.1 and later...

10 CVSS · 7.5 AI score · 0.06362 EPSS
Exploits 0 · References 1

CNVD
added 2020/06/04 12:0 a.m. · 2 views

Cisco Unified Contact Center Express Authorization Issues Vulnerability

Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An authorization vulnerability exists...

7.1 CVSS · 6.7 AI score · 0.00329 EPSS
Exploits 0 · References 1

OSV
added 2020/06/03 6:15 p.m. · 1 views

CVE-2020-3333

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...

5.3 CVSS · 6.1 AI score · 0.00552 EPSS
Exploits 0 · References 1

Vulnrichment
added 2020/06/03 5:56 p.m. · 0 views

CVE-2020-3333 Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...

5.3 CVSS · 5.6 AI score · 0.00552 EPSS
Exploits 0 · References 1

OSV
added 2020/05/05 8:15 p.m. · 2 views

CVE-2020-12142

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

4.9 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2020/04/29 5:15 p.m. · 0 views

UBUNTU-CVE-2020-12275

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...

5.3 CVSS · 6 AI score · 0.00124 EPSS
Exploits 0 · References 3

Positive Technologies
added 2020/04/29 12:0 a.m. · 3 views

PT-2020-13088 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9. Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...

5.3 CVSS · 5.1 AI score · 0.00124 EPSS
Exploits 0 · References 9

OSV
added 2020/04/28 4:15 a.m. · 2 views

CVE-2020-5563

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 2

OSV
added 2020/04/24 4:15 p.m. · 2 views

CVE-2019-4751

IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...

5.3 CVSS · 6.1 AI score · 0.0014 EPSS
Exploits 0 · References 2

CNVD
added 2020/04/16 12:0 a.m. · 1 views

Broadcom CA API Developer Portal Access Bypass Vulnerability

Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...

9.8 CVSS · 6.8 AI score · 0.00243 EPSS
Exploits 0 · References 1

CNVD
added 2020/04/16 12:0 a.m. · 1 views

Cisco UCS Director and Cisco UCS Director Express for Big Data Input Validation Error Vulnerability (CNVD-2020-25346)

Cisco UCS Director and Cisco UCS Director Express for Big Data are both products from Cisco, Inc. Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS). A...

9.8 CVSS · 7.9 AI score · 0.38933 EPSS
Exploits 0 · References 1