CVE-2020-26084 Cisco Edge Fog Fabric Resource Exposure Vulnerability

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this...

CVE-2020-26084

CVE-2020-26084 : A vulnerability in the REST API of Cisco Edge Fog Fabric allows an authenticated, remote attacker to access and potentially overwrite arbitrary files due to incorrect authorization enforcement. Exploitation requires sending a crafted API request. The issue is documented across mu...

CVE-2020-26084 Cisco Edge Fog Fabric Resource Exposure Vulnerability

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this...

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

PYSEC-2020-26

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

CVE-2020-27589

CVE-2020-27589 affects Synopsys hub-rest-api-python (blackduck on PyPI) in versions 0.0.25–0.0.52, which do not validate SSL certificates in certain cases. According to the CVE entry, this yields a high-severity impact (CVSSv3.1: 7.5) with potential integrity impact and network exposure. No explo...

CVE-2020-12145

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted ...

CVE-2020-12146

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

Design/Logic Flaw

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

Code injection

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...

CVE-2020-12146 Silver Peak Unity OrchestratorTM subject to path traversal.

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

CVE-2020-12146

CVE-2020-12146 concerns Silver Peak Unity Orchestrator path traversal via the /debugFiles REST API. An authenticated user can access, modify, and delete restricted files on the Orchestrator server. Affected versions are pre-8.9.11+, 8.10.11+, and 9.0.1+. ThreatPost notes that patches exist, and S...

CVE-2020-12147 Unauthorized queries against the Silver Peak Unity OrchestratorTM MySQL database.

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...

CVE-2020-12145 Silver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers.

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted ...

CVE-2020-12145

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are affected by CVE-2020-12145, which allows login via HTTP Host header spoofing to localhost. The vulnerability stems from authenticating REST API calls from localhost using the host header, enabling an attacker to byp...

Cisco Edge Fog Fabric Authorization Issues Vulnerability

Cisco Edge Fog Fabric EFF is an open architecture IoT platform for industrial customers. An authorization issue vulnerability exists in the REST API for Cisco Edge Fog Fabric versions prior to 1.7.4. The vulnerability stems from a failure of authorization enforcement to be correct. An attacker ca...

Information Disclosure

podman is vulnerable to information disclosure. The vulnerability exists through environment variables leak between containers when started via Varlink or Docker-compatible REST API...

PT-2020-5183 · Cisco · Cisco Data Center Network Manager +1

Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager DCNM Software affected versions not specified Cisco Firepower Management Center FMC affected versions not specified Description: The issue is related to insufficient path restriction enforcement in a certain...