Vulnerability discovered in F5 BIG-IP and BIG-IQ
F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a JavaScript programming library. A malicious person with access to the Traffic Management User Interface (TMUI) or the iControl REST API could exploit the vulnerability to execu...
Modicon M580/BMENOC 0311/BMENOC 0321 Denial of Service Vulnerability
The Modicon M580/BMENOC 0311/BMENOC 0321 are programmable logic controllers from Schneider Electric. A denial of service vulnerability exists in the Modicon M580/BMENOC 0311/BMENOC 0321. An attacker can exploit this vulnerability to cause a denial of service by sending specific data via the...
NewStart CGSL MAIN 4.05 : pcs Vulnerability (NS-SA-2019-0143)
The remote NewStart CGSL host, running version MAIN 4.05, has pcs packages installed that are affected by a vulnerability: - It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...
CVE-2019-6622
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems...
CVE-2019-4381
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159...
PT-2019-17049 · Ibm · Ibm I
Name of the Vulnerable Software and Affected Versions: IBM i version 7.27.3 Description: The issue allows a local attacker to obtain sensitive information by exploiting the use of advanced node failure detection using the REST API to interface with the HMC. This could potentially allow an attacke...
The vulnerability of the REST API interface of the Junos operating system allows a perpetrator to gain access to information about user account passwords.
The vulnerability of the REST API interface of the Junos operating system is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to information about user account passwords...
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
CVE-2019-0301
Technical details (affected product/versions, root cause, impact) are not publicly available in the provided documents. Monitor for updates.
Tic Toc Pwned
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That’s the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch...
PT-2019-2085 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 14.1X53-D49 Junos OS versions prior to 15.1F6-S12 Junos OS versions prior to 15.1R7-S3 Junos OS versions prior to 15.1X49-D160 Junos OS versions prior to 15.1X53-D236 Junos OS versions prior to 15.1X53-D495 Junos OS...
CVE-2019-10692
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...
CVE-2017-7510
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface...
Design/Logic Flaw
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface...
PT-2019-8601 · Ovirt · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: ovirt-engine version 4.1 Description: The issue allows the root password to be revealed through the REST interface if a host was provisioned with cloud-init. Recommendations: For ovirt-engine version 4.1, update to a version that includes a f...