138 matches found
Jenkins Groovy Plugin sandbox bypass vulnerability
Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...
Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability
Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...
Nutanix Data Collection
Collects Nutanix data using REST APIs. TRUSTED...
OpenAPI Missing MIME Types
OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties like the available endpoints with the related operations or the authentication methods. The consumes field defines the expected data types for POST, PU...
OpenAPI Unencrypted Traffic Allowed
OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties like the available endpoints with the related operations or the authentication methods. As for web applications, allowing unencrypted protocols to acce...
Swurg - Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments
Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification OAS defines a standard, programming language-agnostic interface description for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring acce...
Fedora: Security Advisory for libzapojit (FEDORA-2021-77ce69dba6)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: libzapojit-0.0.3-21.fc35
GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and phot...
Fedora: Security Advisory for libzapojit (FEDORA-2021-7f5a82ef57)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: libzapojit-0.0.3-19.fc33
GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and phot...
[SECURITY] Fedora 34 Update: libzapojit-0.0.3-20.fc34
GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and phot...
Fedora: Security Advisory for python-flask-restx (FEDORA-2021-0739f45529)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: python-flask-restx-0.3.0-2.fc34
Flask-RESTX is an extension for Flask that adds support for quickly building REST APIs. It encourages best practices with minimal setup. If you are familiar with Flask, Flask-RESTX should be easy to pick up. It provides a coherent collection of decorators and tools to describe your API and expose...
APICheck - The DevSecOps Toolset For REST APIs
APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck APICheck focuses not only in the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to diverse users profiles: Developers...
Saferwall - A Hackable Malware Sandbox For The 21St Century
Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generates an automated malware analysis report. Hunting platform to find new malwares...
SQL Injection
kylin-server-base is vulnerable to SQL injection. SQL statements are concatenated and executed in the CLI or beeline when building new segments, allowing an attacker to inject and execute arbitrary SQL statements if system configurations are overwritten via rest APIs...
Securing GraphQL API
Introduction to GraphQL Representational state transfer REST APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP...
CVE-2020-12142
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
CVE-2020-12142 IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
Jenkins < 2.219, < 2.204.2 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...