CVE-2018-1086
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...
PT-2018-10147 · Pcs +2
Name of the Vulnerable Software and Affected Versions: pcs versions prior to 0.9.164; pcs version 0.10 and earlier. Description: The issue concerns a debug parameter removal bypass in the pcsd service's REST interface. Specifically, the /runpcs query did not properly remove the pcs debug argument,...
CVE-2017-14801 Reflected XSS in Admin Console REST interface
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect XSS back into the called page using the URL parameter...
Swagger-Parser and swagger-codegen Arbitrary Code Execution Vulnerabilities
Swagger-Parser is a cross-language parser for Swagger REST API interface definitions. swagger-codegen is an API development tool. A security vulnerability exists in Swagger-Parser 1.0.30 and earlier and swagger-codegen 2.2.2 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...
PT-2017-6113 · Red Hat · oVirt
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.2.2 through 3.5.0. Description: The issue allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user, due to the...
PowerDNS dnsdist Authentication Bypass Vulnerability
dnsdist is a load balancer that diverts traffic to different servers to provide optimal performance for users. A security vulnerability exists in the REST API authentication mechanism in dnsdist version 1.1.0. An attacker can exploit the vulnerability to bypass access restrictions with the help o...
DEBIAN-CVE-2015-7944
The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
CVE-2015-7945
The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...
UBUNTU-CVE-2015-7945
The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...
UBUNTU-CVE-2015-7944
The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
BASS: Automated Signature Synthesizer
BASS (Automated Signature Synthesizer), pronounced “bæs”, is a framework designed to automatically generate antivirus signatures from samples belonging to previously generated malware clusters. It is meant to reduce resource usage of ClamAV by producing more pattern-based signatures as opposed t...
Serviio PRO DLNA Media Streaming Server - REST API Arbitrary Code Execution Vulnerability
Serviio PRO is a DLNA media server. An arbitrary code execution vulnerability exists in Serviio PRO DLNA Media Streaming Server - REST API. The vulnerability allows attackers to execute arbitrary code...
CVE-2017-8403
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application...
Cross-site Scripting (XSS)
GlassFish is vulnerable to cross-site scripting (XSS) attacks. A malicious user can execute arbitrary script via the REST interface...
Zammad Cross-Site Request Forgery Vulnerability
Zammad is a web-based, open-source helpdesk/customer support system from the German company Zammad, with many features to manage customer communication through multiple channels such as phone calls. Zammad suffers from a cross-site request forgery vulnerability. An attacker could use this...
WordPress Information Disclosure Vulnerability (CNVD-2017-00618)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php file...
RedHat Update for subscription-manager RHSA-2016:2592-02
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Moderate: Red Hat Security Advisory: subscription-manager security, bug fix, and enhancement update
An update for subscription-manager, subscription-manager-migration-data, and python-rhsm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Multiple vulnerabilities in Drupal REST JSON module
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. REST JSON is one of the interface modules used to expose Drupal content. The Drupal REST JSON module version 7.x-1.x has: 1. a security bypass vulnerability; 2. a user enumeration...
The vulnerability of the Business Process Manager system allows a perpetrator to circumvent existing access restrictions and update dynamic processes.
The vulnerability of the Business Process Manager system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and update process variables through calls to the REST API...