CVE-2020-10275

CVE-2020-10275 describes a weakness in REST API token generation where tokens are directly derived from publicly available default credentials for the web interface. With a given USERNAME and PASSWORD, the token is computed as base64(USERNAME:sha256(PASSWORD)). An attacker inside the network who ...

CVE-2020-10274 RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps)

The access tokens for the REST API are directly derived sha256 and base64 encoding from the publicly available default credentials from the Control Dashboard refer to CVE-2020-10270 for related flaws. This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks...

CVE-2020-10274

MiR robots are affected by CVE-2020-10274 in combination with CVE-2020-10273. Affected products include MiR100, MiR200, MiR250, MiR500, MiR1000 and MiR Fleet, with MiR Robot Software versions prior to 2.10.2.1 (per ICS advisory) and older firmware versions (MiR controllers prior to 2.8.1.1) per N...

PT-2020-13654 · WordPress · Acf-To-Rest-Api

Name of the Vulnerable Software and Affected Versions: acf-to-rest-api plugin through 3.1.0 for WordPress Description: The issue allows an insecure direct object reference via permalinks manipulation. This can be demonstrated by a "wp-json/acf/v3/options/" request that reads sensitive information...

Information Exposure

An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and password values...

CVE-2017-18896

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

CVE-2017-18895

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

CVE-2017-18896

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

CVE-2017-18889

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

CVE-2017-18889

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

Sql injection

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

Design/Logic Flaw

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

Design/Logic Flaw

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

CVE-2017-18895

Mattermost Server is affected prior to versions 4.2.0, 4.1.1, and 4.0.5. A REST API version 4 endpoint can expose sensitive user status information to attackers, enabling information disclosure. The issue is documented across multiple sources (including SUSE, Red Hat, CNVD, GHSA, and OSV) with th...

CVE-2017-18895

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

CVE-2017-18896

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

CVE-2017-18889

Summary: CVE-2017-18889 affects Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can abuse the v3/v4 REST API via webhooks or slash commands to create fictive system-message posts. What’s affected: Mattermost Server (versions before 4.3.0, 4.2.1, and 4.1.2). The vulnerability is ex...

CVE-2020-3242

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An...

Authentication flaw

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An...

CVE-2020-3242 Cisco UCS Director Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An...