4960 matches found
CVE-2021-41265
Removed by vendor...
Apereo CAS XSS vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution. Versions prior to Apereo CAS 6.4.1 have a security vulnerability that can be exploited by attackers to send XSS via POST requests to REST API endpoints...
Improper Authentication in Flask-AppBuilder
Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints...
REST API Error: S3 Error: The difference between the request time and the current time is too large / Invalid Credentials for Amazon S3
Challenge: This article covers two different errors that occur when performing different tasks but have the same root cause. When adding S3 Object Storage to Veeam Console, Veeam displays the following error: Failed to list S3 buckets: check if the specified account has required permissions REST API...
CVE-2021-42567
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
CVE-2021-42567
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
Cross site scripting
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
CVE-2021-42567
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
CVE-2021-42567
Summary (concrete details available): Several Apereo CAS versions prior to 6.4.1 are vulnerable to a cross‑site scripting (XSS) flaw that can be triggered by POST requests to the REST API endpoints. The core issue is an XSS vulnerability in the REST API handling where user-supplied data is echoed ...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to improper certificate validation
Summary A vulnerability due to improper certificate validation in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID: CVE-2021-29737 DESCRIPTION: IBM InfoSphere Data Flow Designer Engine component has improper validation of the REST API server certificate. CVSS Base...
Privilege Escalation
inveniodraftsresources is vulnerable to privilege escalation. An authenticated user is able to publish draft records of other users via REST API calls when they know the record identifier and the draft validates, due to improper permission checks...
Apereo CAS cross-site scripting vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution. Versions prior to Apereo CAS 6.4.1 have a security vulnerability that can be exploited by attackers to send XSS via POST requests to REST API endpoints...
The vulnerability of the REST API interface of the Cisco Identity Services Engine allows a perpetrator to execute arbitrary commands and increase their privileges.
The vulnerability of the REST API interface of the Cisco Identity Services Engine relates to insufficient input validation for certain API endpoints. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and increase their privileges...
Permissions not properly checked in Invenio-Drafts-Resources
Impact Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and...
GHSA-XR38-W74Q-R8JV Permissions not properly checked in Invenio-Drafts-Resources
Impact Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and...
CVE-2021-43781
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
CVE-2021-43781
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PYSEC-2021-837
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PYSEC-2021-838
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PYSEC-2021-836
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...