PT-2022-15400 · Red Hat · Red Hat Advanced Cluster Management For Kubernetes
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Management for Kubernetes (affected versions not specified). Description: A flaw was found in the search-api container when a query in the search filter gets parsed by the backend. This issue allows an attacker to craft...
CVE-2022-2238
A vulnerability was found in the search-api container when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting...
Red Hat search-api Resource Management Error Vulnerability
Red Hat search-api is a software component from Red Hat that allows developers to seamlessly introduce search functionality into websites and applications. It provides back-end tools for indexing documents, querying various types of data, managing cluster configurations, viewing search analytics,...
GHSA-4465-R2HG-V4RJ CiviCRM SQL injection vulnerability via Quick Search API
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick...
GHSA-4VR8-R7QR-FPVQ Plone Privilege escalation through exposed underlying API
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API...
SAP Commerce SQL Injection Vulnerability
SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. SAP Commerce suffers from an SQL injection vulnerability that stems from the software's lack of effective filtering and...
Search API Pages - Critical - Cross Site Scripting - SA-CONTRIB-2021-046
This module enables you to create simple search pages based on Search API without the use of Views. The module doesn’t sufficiently escape all variables provided for custom templates. This vulnerability is mitigated by the fact that the default template provided by the module is not affected...
Search API attachments - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-034
This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes. The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code executio...
Facets - Moderately critical - Cross site scripting - SA-CONTRIB-2021-008
This module enables you to add customizable facets on search pages, from core search or searches provided by Search API. The module doesn't sufficiently filter all output in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...
FreeBSD : glpi -- SQL Injection in Search API (0ba61fcc-3b38-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or...
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
Oct. 26, 2020 Pavel Zilke 9.5.2-alt1 - New version 9.5.2 - Security fixes: + CVE-2020-15176 : SQL injection with a query parameter of user form + CVE-2020-15175 : Removal of .htaccess file in the files folder via a plugin endpoint + CVE-2020-15217 : Leakage issue with knowledge base +...
glpi -- SQL Injection in Search API
MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or databa...
GitLab Information Disclosure Vulnerability (CNVD-2020-17482)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
CVE-2019-12431
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control...
CVE-2019-12431
Affected software: GitLab Community and Enterprise Edition 8.13–11.11. The issue is improper access control where restricted users could access metadata for private milestones via the Search API, exposing sensitive milestone data. Root cause: improper access control. Impact: information disclosur...
CVE-2019-19629
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration...
CVE-2019-19629
CVE-2019-19629 affects GitLab Enterprise Edition (EE) versions 10.5 through 12.5.3, 12.4.5, and 12.3.8. The issue arises during transfer of a public project to a private group, where private code could be disclosed through the Group Search API provided by the Elasticsearch integration. Multiple s...
CVE-2019-19629
Removed by vendor...