CVE-2020-4325

CVE-2020-4325 affects IBM Process Federation Server and IBM Automation Workstream Services in Cloud Pak for Automation. The root cause is improper shutdown of thread pools used to retrieve Global Teams information, causing JVM memory to be unrecoverable and leading to OutOfMemory errors when the ...

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

A pair of security vulnerabilities in the WordPress search engine optimization SEO plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. It’s a WordPress plugin with more than 200,000...

[SECURITY] Fedora 32 Update: coturn-4.5.1.1-3.fc32

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gat eway. It can be used as a general-purpose network traffic TURN server/gateway, to o. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...

Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks

Summary IBM Process Federation Server Global Teams REST API does not properly shut down the thread pools that it creates, leading to OutOfMemory exceptions, and could be targeted by DoS attacks. Vulnerability Details CVEID: CVE-2020-4325 DESCRIPTION: The IBM Process Federation Server Global Teams...

WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint

The WordPress SEO Plugin – Rank Math plugin includes a number of optional modules, including a module that can be used to create redirects on a site. In order to add this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateRedirection, which failed to include a permissioncallbac...

WordPress SEO Plugin - Rank Math < 1.0.41 - Privilege Escalation via Unprotected REST API Endpoint

This plugin registered a REST-API endpoint, rankmath/v1/updateMeta, which failed to include a permissioncallback used for capability checking. The endpoint called a function, updatemetadata which could be used to update the slug on existing posts, or could be used to delete or update metadata for...

WordPress SEO Plugin - Rank Math < 1.0.41 - Privilege Escalation via Unprotected REST API Endpoint

This plugin registered a REST-API endpoint, rankmath/v1/updateMeta, which failed to include a permissioncallback used for capability checking. The endpoint called a function, updatemetadata which could be used to update the slug on existing posts, or could be used to delete or update metadata for...

WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint

The WordPress SEO Plugin – Rank Math plugin includes a number of optional modules, including a module that can be used to create redirects on a site. In order to add this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateRedirection, which failed to include a permissioncallbac...

IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution Exploit

IBM Cognos TM1 Server / Planning Analytics Server TM1 suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module. IBM PA / TM1, dating back to...

Important: Red Hat Security Advisory: Red Hat AMQ Streams 1.4.0 release and security update

Red Hat AMQ Streams 1.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

kafka: Connect REST API exposes plaintext secrets in tasks endpoint

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...

CVE-2020-10807

authsvc in Caldera before 2.6.5 allows authentication bypass for REST API requests via a forged "localhost" string in the HTTP Host header...

Authentication flaw

authsvc in Caldera before 2.6.5 allows authentication bypass for REST API requests via a forged "localhost" string in the HTTP Host header...

CVE-2020-10807

authsvc in Caldera before 2.6.5 allows authentication bypass for REST API requests via a forged "localhost" string in the HTTP Host header...

CVE-2020-10807

CVE-2020-10807 concerns Caldera’s auth_svc before 2.6.5, where authentication can be bypassed for REST API requests by forging the HTTP Host header to include a localhost string. The issue is mitigated by upgrading to Caldera 2.6.5 or later, which addresses the authentication bypass vulnerability...

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

CVE-2019-12498

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...

Information disclosure

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...

CVE-2019-12498

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...