4960 matches found
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31020 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: ledger-rest-api-dev =0.1.9, =0.1.10. Source CVEs: CVE-2022-31020. Source advisory: OSV:GHSA-R6V9-P59M-GJ2P...
GHSA-72X9-48MC-PHH6 Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...
CVE-2022-37023
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...
Deserialization of untrusted data
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...
CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...
CVE-2022-37023
Apache Geode (prior to 1.15.0) is vulnerable to deserialization of untrusted data via REST APIs when running on Java 8 or Java 11. The root cause is untrusted data deserialization during REST operations, enabling attackers to potentially execute arbitrary code. Mitigation per the sources is to up...
PT-2022-4605 · Apache · Apache Geode
Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.15.0. Description: The issue is related to the restoration of untrusted data in memory through the REST API interface of the Apache Geode data management platform. This can allow a remote attacker to execute...
CVE-2022-2034 Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers...
Security Bulletin: Vulnerability in REST API affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4929)
Summary: Vulnerability in REST API present in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis allows for extraction of information. Vulnerability Details: CVEID: CVE-2015-4929. DESCRIPTION: IBM License Metric Tool could allow an authenticated attacker to extract sensitive...
CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
Design/Logic Flaw
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2379
CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...
WordPress plugin Easy Student Results cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-20914
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
Design/Logic Flaw
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
Splunk Enterprise 8.1.x < 8.1.7 Information Disclosure
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to return verbose login errors. Note that Nessus has not tested for this issue but has instead relied only on...