874 matches found
CVE-2020-1688
Technical details (affected products/versions/impact/fix) are not publicly available in the provided connected documents. Monitor for updates.
PT-2020-4582 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier. Description: The issue is related to incorrect permissions within the Integrations component, which could be exploited by users with permissions to the Pages resource to delete cms pages via the...
Cisco Industrial Network Director Denial of Service Vulnerability
Cisco Industrial Network Director (IND) is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A denial of service vulnerability exists in the management REST API in Cisco Industrial Network Director...
CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...
Authentication flaw
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...
CVE-2020-15243
CVE-2020-15243 affects Smartstore 4.0.0 and 4.0.1 with the Web API plugin installed and activated, where a missing WebApi Authentication attribute creates a vulnerability. The recommended remediations are to merge the 4.0.x branch (or overwrite the SmartStore.Web.Framework in the deployed shop’s ...
CVE-2020-3567
A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...
CVE-2019-16004
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerabili...
Acronis: No brute force protection on web-api-cloud.acronis.com
There was no brute force protection on https://web-api-cloud.acronis.com/api/idp/v1/token endpoint...
CVE-2020-3521
A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker...
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9...
Buffer overflow
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9...
CVE-2019-11858
CVE-2019-11858 involves multiple buffer overflow vulnerabilities in the AceManager Web API of the ALEOS platform. Connected sources indicate the affected software is ALEOS with vulnerable AceManager Web API versions prior to 4.13.0, 4.9.5, and 4.4.9. The root cause is described as buffer overf...
CVE-2019-11858 ALEOS Multiple Web UI vulnerabilities
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9...
CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain...
PT-2020-18440 · Dell Emc · Dell Openmanage Server Administrator
Name of the Vulnerable Software and Affected Versions: Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior. Description: The issue allows an unauthenticated remote attacker to potentially exploit multiple path traversal vulnerabilities by sending a crafted Web API request containi...
A vulnerability in the firmware update service of Cisco TelePresence Collaboration Endpoint Software and the Cisco RoomOS operating system allows an attacker to modify the file system, trigger a service failure, or gain privileged access to the root file system.
The vulnerability in the software update service of Cisco TelePresence Collaboration Endpoint Software and the Cisco RoomOS operating system exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability can allow...
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
Cross site scripting
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...