Design/Logic Flaw
It was discovered that in oVirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to...
CVE-2019-3879
In oVirt, REST API before version 4.3.2.1 allows RemoveDiskCommand to run as an internal command, skipping permission validation and enabling a low-privilege user to delete disks attached to guests. A fix exists in 4.3.2.1 and later; upgrade to that version or apply the relevant Red Hat/oVirt upd...
CVE-2019-3879
It was discovered that in the oVirt REST API, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to delete disks attached to...
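The flaw class behind the oVirt entries above (a command dispatched as "internal" bypasses the permission check that should run against the calling user) is easy to reproduce in miniature. The following is an added illustration, not oVirt engine code; the role names, the `DiskStore` class and the `internal` flag are hypothetical stand-ins for the engine's command infrastructure.

```python
"""Added illustration of the 'internal command skips authorization' pattern
described for CVE-2019-3879.  All names are hypothetical; this is not oVirt code."""
from typing import Dict, Set

# Constructed sample role model: only the privileged role may remove disks.
ROLE_ACTIONS: Dict[str, Set[str]] = {
    "SuperUser": {"disk:read", "disk:remove"},
    "BasicOperations": {"disk:read"},   # a low-privilege role
}


class DiskStore:
    """Minimal engine stand-in holding disk_id -> VM the disk is attached to."""

    def __init__(self, disks: Dict[str, str]):
        self.disks = dict(disks)

    def can(self, role: str, action: str) -> bool:
        return action in ROLE_ACTIONS.get(role, set())

    def remove_disk_command(self, disk_id: str, caller_role: str, internal: bool) -> bool:
        """Engine-side command.  'internal' commands are trusted and skip the
        caller check.  That is only safe when the caller really is the engine
        itself; it must never be reachable from a client-facing entry point."""
        if not internal and not self.can(caller_role, "disk:remove"):
            return False
        return self.disks.pop(disk_id, None) is not None


def rest_remove_disk_vulnerable(store: DiskStore, disk_id: str, caller_role: str) -> bool:
    # Flawed REST layer: the command is triggered as internal, so the
    # permission validation against the calling user never runs.
    return store.remove_disk_command(disk_id, caller_role, internal=True)


def rest_remove_disk_fixed(store: DiskStore, disk_id: str, caller_role: str) -> bool:
    # Fixed REST layer: a request originating from a user is never internal;
    # the command validates the caller's permission before acting.
    return store.remove_disk_command(disk_id, caller_role, internal=False)


if __name__ == "__main__":
    store = DiskStore({"disk-1": "vm-a", "disk-2": "vm-b"})
    print(rest_remove_disk_vulnerable(store, "disk-1", "BasicOperations"))  # True: deleted
    print(rest_remove_disk_fixed(store, "disk-2", "BasicOperations"))       # False: denied
```

The practical check when auditing a command-dispatch design of this shape is to find every entry point that can set the "internal" (or equivalent trusted) flag and confirm none of them is reachable from an authenticated client request.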
CVE-2018-19365
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...
CVE-2018-19365
The Wowza Streaming Engine 4.7.4.01 REST API is vulnerable to directory traversal, allowing remote attackers to read arbitrary files via crafted HTTP requests. Root cause: insufficient validation in the REST API path enables traversal of the server's directory structure. Impact: potential unauthorize...
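The root cause named above, a file-serving REST endpoint that does not confine the requested path to its content directory, is the same check regardless of product. The following is an added example of that check, not Wowza code; the base directory and the request strings are constructed for illustration.

```python
"""Added example: confine an untrusted REST path to a content directory.
Not Wowza code; the base directory and sample requests are constructed."""
import os
import re
from typing import Optional
from urllib.parse import unquote


def resolve_request_path(base_dir: str, requested: str) -> Optional[str]:
    """Map an untrusted path from an HTTP request onto base_dir.

    Returns the resolved absolute path if it lies inside base_dir, else None.
    """
    # Decode percent-encoding twice so that double-encoded '%252e%252e' is
    # canonicalised before the checks; the decoded value is the one used to
    # build the filesystem path, so check and use stay consistent.
    decoded = unquote(unquote(requested))

    # Embedded NUL bytes truncate paths in many runtimes; reject outright.
    if "\x00" in decoded:
        return None

    # Reject any '..' segment, whether separated by '/' or '\\'.
    if ".." in re.split(r"[\\/]+", decoded):
        return None

    # Build the candidate and resolve symlinks on both sides, then require
    # that the content directory is a prefix of the resolved candidate.
    # An absolute request path makes os.path.join discard base_dir, which
    # the prefix check below then rejects.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


if __name__ == "__main__":
    base = "/tmp/wowza_content"  # constructed; need not exist for the check
    for req in ("vod/sample.mp4", "../../etc/passwd",
                "%2e%2e%2f%2e%2e%2fetc/passwd", "/etc/passwd"):
        print(repr(req), "->", resolve_request_path(base, req))
```

The lexical `..` rejection and the post-`realpath` prefix comparison are deliberately both present: the first catches traversal in the request string, the second catches traversal introduced by symlinks inside the content directory, which no string check can see.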
Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update
An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2017-7510
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...
Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update
An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2018-18815
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...
CVE-2018-18815
CVE-2018-18815 affects the REST API component of TIBCO JasperReports Server and related editions, enabling unauthenticated bypass of authorization for portions of the HTTP interface. Affected releases include JasperReports Server 6.4.0–6.4.3 and 7.1.0, Community Edition up to 7.1.0, ActiveMatrix ...
CVE-2018-18815 TIBCO JasperReports Server User Information Disclosure
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...
WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son Category: WebApps, WordPress Tested...
WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link:...
WordPress Cerber Security Antispam & Malware Scan 8.0 Plugin - Multiple Bypass Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son...
Snapd Flaw Lets Attackers Gain Root Access On Linux Systems
Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "DirtySock" and identified as CVE-2019-7304, the vulnerability...