4936 matches found

Prion
added 2020/10/19 9:15 p.m., 23 views

Design/Logic Flaw

A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...

5.6 CVSS, 6.1 AI score, 0.00042 EPSS
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2020/10/19 1:18 p.m., 37 views

CVE-2020-10746

A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...

6.1 CVSS, 3.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3

NVD
added 2020/10/14 10:15 p.m., 13 views

CVE-2020-8349

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...

9.8 CVSS, 0.02622 EPSS
Exploits: 0, References: 1

Prion
added 2020/10/14 10:15 p.m., 11 views

Remote code execution

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...

6.8 CVSS, 9.7 AI score, 0.02622 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/10/14 9:25 p.m., 16 views

CVE-2020-8349

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...

9.8 CVSS, 9.8 AI score, 0.02622 EPSS
Exploits: 0, References: 1

CVE
added 2020/10/14 9:25 p.m., 53 views

CVE-2020-8349

CVE-2020-8349 affects Cloud Networking Operating System (CNOS) via the optional REST API management interface. The vulnerability is unauthenticated remote code execution that is not present when the REST API interface is disabled; if enabled, access is limited to the VRF and governed by ACLs. Imp...

9.8 CVSS, 9.7 AI score, 0.02622 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2020/10/08 5:15 a.m., 12 views

CVE-2020-3567

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...

6.8 CVSS, 0.00368 EPSS
Exploits: 0, References: 1

Prion
added 2020/10/08 5:15 a.m., 16 views

Input validation

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...

6.8 CVSS, 6.4 AI score, 0.00368 EPSS
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2020/10/08 4:20 a.m., 14 views

CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...

6.5 CVSS, 6.4 AI score, 0.00368 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2020/10/08 4:20 a.m., 12 views

CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...

6.5 CVSS, 6.9 AI score, 0.00368 EPSS
Exploits: 0, References: 1

CVE
added 2020/10/08 4:20 a.m., 72 views

CVE-2020-3567

CVE-2020-3567 affects Cisco Industrial Network Director (IND) via the management REST API. Affected versions prior to 1.9.0 (per CNVD entry) expose a vulnerability where insufficient validation of REST requests allows an authenticated, remote attacker to trigger high CPU utilization, causing a pe...

6.8 CVSS, 6.4 AI score, 0.00368 EPSS
Exploits: 0, References: 1, Affected Software: 2

NVD
added 2020/10/07 5:15 p.m., 11 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...

7.5 CVSS, 0.37398 EPSS
Exploits: 1, References: 3

Prion
added 2020/10/07 5:15 p.m., 15 views

Design/Logic Flaw

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...

5 CVSS, 7.6 AI score, 0.37398 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2020/10/07 4:56 p.m., 80 views

CVE-2020-26876

CVE-2020-26876 – WordPress WP Courses Plugin up to version 2.0.27/2.0.29 suffers an information-disclosure via the REST API. The issue stems from show_in_rest being enabled for custom post types, allowing access to private course videos and materials through endpoints like /wp-json/wp/v2/course o...

7.5 CVSS, 7.5 AI score, 0.37398 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2020/10/07 4:56 p.m., 14 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...

7.6 AI score, 0.37398 EPSS
Exploits: 1, References: 3

Cisco
added 2020/10/07 4:0 p.m., 35 views

Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...

6.5 CVSS, 1.8 AI score, 0.00368 EPSS
Exploits: 0, References: 1

Lenovo
added 2020/10/07 3:1 a.m., 18 views

Cloud Networking Operating System (CNOS) Vulnerability - Lenovo Support US

No description provided...

9.8 CVSS, 9.5 AI score, 0.02622 EPSS
Exploits: 0

NVD
added 2020/10/06 6:15 p.m., 11 views

CVE-2019-4325

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...

5.3 CVSS, 0.00111 EPSS
Exploits: 0, References: 1

Prion
added 2020/10/06 6:15 p.m., 16 views

Design/Logic Flaw

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...

5 CVSS, 5.3 AI score, 0.00111 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2020/10/06 5:18 p.m., 52 views

CVE-2019-4325

CVE-2019-4325 affects HCL AppScan Enterprise; root cause is the use of broken or risky cryptographic algorithms to store REST API user details. Impact and remediation details are not explicitly provided in the connected documents; refer to the CVE entry for basic score context (MEDIUM) and the ve...

5.3 CVSS, 5.3 AI score, 0.00111 EPSS
Exploits: 0, References: 1, Affected Software: 1