OSV
added 2023/12/12 1:15 a.m. · 6 views

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

CVSS 7.5 · AI score 5.9 · EPSS 0.00754
Exploits: 1 · References: 1

Positive Technologies
added 2023/12/04 12:00 a.m. · 4 views

PT-2023-28836 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: MLFlow versions 2.8.1 and before
Description: An issue in MLFlow allows a remote attacker to obtain sensitive information via a crafted request to the REST API. Approximately 4,120 devices are potentially affected, mainly distributed in the...

CVSS 7.5 · AI score 7.2 · EPSS 0.36582
Exploits: 1 · References: 13

VulnCheck KEV
added 2023/11/29 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVSS 9 · AI score 7.2 · EPSS 0.13882
Exploits: 2 · References: 1

OSV
added 2023/11/14 11:15 p.m. · 7 views

CVE-2023-41570

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API...

CVSS 5.3 · AI score 5.8 · EPSS 0.00473
Exploits: 1 · References: 1

OSV
added 2023/11/03 5:15 a.m. · 2 views

DEBIAN-CVE-2023-41259

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...

CVSS 7.5 · AI score 7.3 · EPSS 0.00717
Exploits: 0 · References: 1

Debian
added 2023/10/31 4:53 a.m. · 19 views

[SECURITY] [DLA 3642-1] request-tracker4 security update

Debian LTS Advisory DLA-3642-1 [email protected] https://www.debian.org/lts/security/ Salvatore Bonaccorso October 31, 2023 https://wiki.debian.org/LTS ...

CVSS 7.5 · AI score 8.1 · EPSS 0.00717
Exploits: 0

SUSE CVE
added 2023/10/31 2:40 a.m. · 4 views

SUSE CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

CVSS 6.5 · AI score 7.1 · EPSS 0.01101
Exploits: 0 · References: 2

Tenable Nessus
added 2023/10/31 12:00 a.m. · 33 views

Debian DSA-5542-1 : request-tracker4 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5542 advisory. - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface...

CVSS 7.5 · AI score 7.3 · EPSS 0.00717
Exploits: 0 · References: 9

Positive Technologies
added 2023/10/30 12:00 a.m. · 3 views

PT-2023-6715 · Unknown +2 · Request Tracker +2

Name of the Vulnerable Software and Affected Versions: Request Tracker RT versions 4.4.6 and earlier; Request Tracker RT versions 5.x prior to 5.0.5
Description: The issue allows information exposure in responses to mail-gateway REST API calls. This is due to excessive data output by the applicati...

CVSS 7.5 · AI score 7 · EPSS 0.01707
Exploits: 0 · References: 54

Tenable Nessus
added 2023/10/20 12:00 a.m. · 25 views

FreeBSD : Request Tracker -- multiple vulnerabilities (e14b9870-62a4-11ee-897b-000bab9f87f1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e14b9870-62a4-11ee-897b-000bab9f87f1 advisory. - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email...

CVSS 7.5 · AI score 7.3 · EPSS 0.00717
Exploits: 0 · References: 5

Positive Technologies
added 2023/10/19 12:00 a.m. · 6 views

PT-2023-28155 · Unknown · Home Assistant

Name of the Vulnerable Software and Affected Versions: Home Assistant versions prior to 2023.9.0
Description: The issue concerns a partial Server-Side Request Forgery vulnerability in the hassio.addon stdin service, where an attacker capable of calling this service may be able to invoke any...

CVSS 7.2 · AI score 6.7 · EPSS 0.00464
Exploits: 0 · References: 7

FreeBSD
added 2023/10/18 12:00 a.m. · 23 views

Request Tracker -- multiple vulnerabilities

Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST...

CVSS 7.5 · AI score 6.7 · EPSS 0.00717
Exploits: 0 · References: 1

OSV
added 2023/10/16 8:15 p.m. · 7 views

DEBIAN-CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

CVSS 5.3 · AI score 6.3 · EPSS 0.03862
Exploits: 4 · References: 1

OSV
added 2023/09/27 3:19 p.m. · 4 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

CVSS 5.4 · AI score 5.8 · EPSS 0.01988
Exploits: 0 · References: 1

OSV
added 2023/09/13 7:15 a.m. · 4 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 6.5 · AI score 5.8 · EPSS 0.003
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/19 12:00 a.m. · 5 views

PT-2023-8186 · Mikrotik · Routeros +1

Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions 7.1 through 7.11
Description: The issue is related to incorrect access control mechanisms in place for the Rest API, which can allow a remote attacker to disclose protected information.
Recommendations: For versions...

CVSS 5.3 · AI score 7 · EPSS 0.00473
Exploits: 1 · References: 5

Positive Technologies
added 2023/07/13 12:00 a.m. · 5 views

PT-2023-3493 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage software, affected versions not specified
Description: A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read...

CVSS 9.1 · AI score 9.3 · EPSS 0.00731
Exploits: 0 · References: 6

OSV
added 2023/07/11 5:15 p.m. · 3 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

CVSS 9.8 · AI score 5.9 · EPSS 0.0043
Exploits: 0 · References: 1

CNVD
added 2023/06/27 12:00 a.m. · 16 views

Apache StreamPipes Elevation of Privilege Vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from an elevation of privilege vulnerability that is caused by failing to properly restrict the...

CVSS 8.8 · AI score 7.1 · EPSS 0.01096
Exploits: 0 · References: 1

OSV
added 2023/06/23 9:30 a.m. · 21 views

GHSA-PM73-X2H5-CMJ3 Apache StreamPipes Improper Privilege Management vulnerability

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVSS 8.8 · AI score 8.3 · EPSS 0.01096
Exploits: 0 · References: 3