CVE-2020-25711
CVE-2020-25711 affects Infinispan 10 REST API where authorization checks are not performed for certain server-management operations. When authz is enabled, any authenticated user can perform actions such as shutting down the server without the ADMIN role, enabling an authorization-check bypass. T...
openSUSE Security Update : podman (openSUSE-2020-2039)
This update for podman fixes the following issues. Security issue fixed: This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed: add dependency to timezone package or podman...
openSUSE Security Update : podman (openSUSE-2020-2063)
This update for podman fixes the following issues. Security issue fixed: This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed: add dependency to timezone package or podman...
Security update for podman (moderate)
openSUSE Security Update: Security update for podman. Announcement ID: openSUSE-SU-2020:2063-1. Rating: moderate. References: 1176804 1178122 1178392. Cross-References: CVE-2020-14370. Affected Products: openSUSE Leap 15.2. An update that solves one vulnerability and has two fixes is now available...
Cisco IoT Field Network Director Unauthenticated REST API (cisco-sa-FND-BCK-GHkPNZ5F)
A REST API vulnerability exists in Cisco IoT Field Network Director (IoT-FND) due to IoT-FND not properly authenticating REST API calls. An unauthenticated, remote attacker can exploit this, by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests, to...
Cisco IoT Field Network Director Missing API Authentication (cisco-sa-FND-APIA-xZntFS2V)
A REST API vulnerability exists in Cisco IoT Field Network Director (IoT-FND) due to IoT-FND not properly authenticating REST API calls. An unauthenticated, remote attacker can exploit this, by sending API requests to an affected system, to view sensitive information on the affected system, includi...
CVE-2020-3531
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
Cross-site request forgery (CSRF)
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
CVE-2020-26075
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
Input validation
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
CVE-2020-3531 Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
CVE-2020-3531
Cisco IoT Field Network Director (FND) is affected by an unauthenticated REST API vulnerability. The REST API fails to properly authenticate calls, enabling an attacker to obtain a CSRF token and perform REST requests that read, alter, or drop data in the back‑end database. Impact is high (unauth...
CVE-2020-26075 Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
CVE-2020-26075
Cisco IoT Field Network Director (FND) REST API suffers from insufficient input validation, enabling authenticated remote attackers to craft malicious API requests and potentially access the device’s back-end database (SQL‑injection-like effect). Affected component is the REST API of FND; impact ...
Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
Cross-Site Scripting (XSS)
keycloak-services is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Realm registration REST API...
Improper access control
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...
CVE-2020-25209
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...