4936 matches found

Prion | added 2020/12/15 6:15 p.m. | 13 views

Improper access control

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

CVSS 6.4 | AI score 6.3 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1

CVE | added 2020/12/15 5:55 p.m. | 42 views

CVE-2020-27147

The CVE concerns TIBCO PartnerExpress REST API (v6.2.0). The REST API component contains a vulnerability that could allow an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via the REST API, potentially leading to unauthorized read and, fo...

CVSS 6.5 | AI score 6.4 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB | added 2020/12/15 5:0 p.m. | 2 views

CVE-2020-27147

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

CVSS 6.5 | AI score 5.4 | EPSS 0.0027
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve | added 2020/12/11 4:15 a.m. | 23 views

CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

CVSS 4.3 | AI score 5.9 | EPSS 0.00161
Exploits: 0 | References: 3

Debian CVE | added 2020/12/11 3:29 a.m. | 19 views

CVE-2020-26415

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00161
Exploits: 0

Tibco | added 2020/12/11 12:4 a.m. | 21 views

TIBCO Security Advisory: December 15, 2020 - TIBCO PartnerExpress

TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: CVE-2020-27147 Source: TIBCO Software Inc. TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: --- Source: TIBCO Software Inc. Systems Affected TIBCO PartnerExpress version 6.2.0 T...

CVSS 6.4 | AI score 6.4 | EPSS 0.0027
Exploits: 0 | Affected Software: 1

Tibco | added 2020/12/11 12:4 a.m. | 23 views

TIBCO Security Advisory: December 15, 2020 - TIBCO PartnerExpress

TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: CVE-2020-27147 Source: TIBCO Software Inc. TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: --- Source: TIBCO Software Inc. Systems Affected TIBCO PartnerExpress version 6.2.0 T...

CVSS 6.5 | AI score 6.3 | EPSS 0.0027
Exploits: 0 | Affected Software: 1

Positive Technologies | added 2020/12/11 12:0 a.m. | 3 views

PT-2020-16420 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 13.4.7 GitLab versions 13.5 through 13.5.5 GitLab versions 13.6 through 13.6.2 Description: Information about the starred projects for private user profiles was exposed via the GraphQL API starting from version...

CVSS 4.3 | AI score 4.4 | EPSS 0.00161
Exploits: 0 | References: 33

Prion | added 2020/12/10 11:15 a.m. | 20 views

Information disclosure

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with...

CVSS 2.7 | AI score 3.7 | EPSS 0.00076
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist | added 2020/12/10 10:15 a.m. | 20 views

CVE-2020-8919 Information leakage in Gerrit

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with...

CVSS 3.5 | AI score 3.6 | EPSS 0.00076
Exploits: 0 | References: 6

CNNVD | added 2020/12/10 12:0 a.m. | 5 views

GitLab Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that originates...

CVSS 4.3 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 3

Tenable Nessus | added 2020/12/09 12:0 a.m. | 76 views

SUSE SLES15 Security Update : podman (SUSE-SU-2020:3378-1)

This update for podman fixes the following issues : Security issue fixed : This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : add dependency to timezone package or podman fai...

CVSS 5.3 | AI score 6.6 | EPSS 0.00177
Exploits: 0 | References: 6

RedhatCVE | added 2020/12/07 5:29 p.m. | 28 views

CVE-2020-27826

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...

CVSS 4.9 | AI score 5.1 | EPSS 0.00166
Exploits: 0 | References: 3

CNNVD | added 2020/12/07 12:0 a.m. | 3 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in keycloak that stems from the Account REST API that can update user metadata attributes...

CVSS 4.9 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 6

NVD | added 2020/12/03 5:15 p.m. | 12 views

CVE-2020-25711

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

CVSS 6.5 | AI score 6.6 | EPSS 0.00183
Exploits: 0 | References: 2

Prion | added 2020/12/03 5:15 p.m. | 16 views

Authorization

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

CVSS 4.9 | AI score 6.7 | EPSS 0.00183
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist | added 2020/12/03 12:0 a.m. | 23 views

CVE-2020-25711

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

AI score 6.5 | EPSS 0.00183
Exploits: 0 | References: 2

CVE | added 2020/12/03 12:0 a.m. | 104 views

CVE-2020-25711

CVE-2020-25711 affects Infinispan 10 REST API where authorization checks are not performed for certain server-management operations. When authz is enabled, any authenticated user can perform actions such as shutting down the server without the ADMIN role, enabling an authorization-check bypass. T...

CVSS 6.5 | AI score 6.5 | EPSS 0.00183
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus | added 2020/11/30 12:0 a.m. | 70 views

openSUSE Security Update : podman (openSUSE-2020-2039)

This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...

CVSS 5.3 | AI score 6.5 | EPSS 0.00177
Exploits: 0 | References: 4

Tenable Nessus | added 2020/11/30 12:0 a.m. | 55 views

openSUSE Security Update : podman (openSUSE-2020-2063)

This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...

CVSS 5.3 | AI score 6.5 | EPSS 0.00177
Exploits: 0 | References: 4