CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

PYSEC-2020-26

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

CVE-2020-27589

CVE-2020-27589 affects Synopsys hub-rest-api-python (blackduck on PyPI) in versions 0.0.25–0.0.52, which do not validate SSL certificates in certain cases. According to the CVE entry, this yields a high-severity impact (CVSSv3.1: 7.5) with potential integrity impact and network exposure. No explo...

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

CVE-2020-12145

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted ...

CVE-2020-12146

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

Code injection

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...

Design/Logic Flaw

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

CVE-2020-12146 Silver Peak Unity OrchestratorTM subject to path traversal.

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

CVE-2020-12146

CVE-2020-12146 concerns Silver Peak Unity Orchestrator path traversal via the /debugFiles REST API. An authenticated user can access, modify, and delete restricted files on the Orchestrator server. Affected versions are pre-8.9.11+, 8.10.11+, and 9.0.1+. ThreatPost notes that patches exist, and S...

CVE-2020-12147 Unauthorized queries against the Silver Peak Unity OrchestratorTM MySQL database.

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...

CVE-2020-12145

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are affected by CVE-2020-12145, which allows login via HTTP Host header spoofing to localhost. The vulnerability stems from authenticating REST API calls from localhost using the host header, enabling an attacker to byp...

CVE-2020-12145 Silver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers.

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted ...

Cisco Edge Fog Fabric Authorization Issues Vulnerability

Cisco Edge Fog Fabric EFF is an open architecture IoT platform for industrial customers. An authorization issue vulnerability exists in the REST API for Cisco Edge Fog Fabric versions prior to 1.7.4. The vulnerability stems from a failure of authorization enforcement to be correct. An attacker ca...

Information Disclosure

podman is vulnerable to information disclosure. The vulnerability exists through environment variables leak between containers when started via Varlink or Docker-compatible REST API...

Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)

HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...

PT-2020-5183 · Cisco · Cisco Data Center Network Manager +1

Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager DCNM Software affected versions not specified Cisco Firepower Management Center FMC affected versions not specified Description: The issue is related to insufficient path restriction enforcement in a certain...

Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

Exploit Title: WP Courses 2.0.29 - Broken Access Controls leading to Courses Content Disclosure Exploit Author: Stefan Broeder, Marco Ortisi redtimmysec Authors blog: https://www.redtimmy.com Vendor Homepage: https://wpcoursesplugin.com/ Version Vulnerable: 2.0.29 CVE: requested but not assigned...

CVE-2020-10746

A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...