NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in...
NewStart CGSL MAIN 4.05 : pcs Vulnerability (NS-SA-2019-0143)
The remote NewStart CGSL host, running version MAIN 4.05, has pcs packages installed that are affected by a vulnerability: - It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A...
CVE-2019-6622
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems...
CVE-2019-4381
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159...
PT-2019-17049 · Ibm · Ibm I
Name of the Vulnerable Software and Affected Versions: IBM i version 7.27.3 Description: The issue allows a local attacker to obtain sensitive information by exploiting the use of advanced node failure detection using the REST API to interface with the HMC. This could potentially allow an attacke...
The vulnerability of the REST API interface of the Junos operating system allows a perpetrator to gain access to information about user account passwords.
The vulnerability of the REST API interface of the Junos operating system is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to information about user account passwords...
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
CVE-2019-0301
Technical details (affected product/versions, root cause, impact) are not publicly available in the provided documents. Monitor for updates.
Tic Toc Pwned
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That’s the tracker watch which leaked real-time kids' position data to anyone; it also allowed anyone to silently listen to children through the watch...
PT-2019-2085 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 14.1X53-D49; Junos OS versions prior to 15.1F6-S12; Junos OS versions prior to 15.1R7-S3; Junos OS versions prior to 15.1X49-D160; Junos OS versions prior to 15.1X53-D236; Junos OS versions prior to 15.1X53-D495; Junos OS...
CVE-2019-10692
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...
Design/Logic Flaw
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface...
CVE-2017-7510
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface...
PT-2019-8601 · Ovirt · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: ovirt-engine version 4.1 Description: The issue allows the root password to be revealed through the REST interface if a host was provisioned with cloud-init. Recommendations: For ovirt-engine version 4.1, update to a version that includes a f...
PT-2019-9793 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine version 4.7.4.01 Description: The issue allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. This is related to the REST API in Wowza Streaming Engine...
Severe Flaw Disclosed In StackStorm DevOps Automation Software
A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly executing arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful...