113 matches found
CVE-2021-3036
The CVE-2021-3036 issue affects Palo Alto Networks PAN-OS where secrets are logged in cleartext in web server logs when the PAN-OS XML API is used with duplicate API parameters. Affected component: PAN-OS XML API request handling; root cause: logging of administrator credentials (username, passwo...
wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl
A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...
CVE-2019-14984
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request...
Design/Logic Flaw
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request...
CVE-2019-14984
CVE-2019-14984 affects eQ-3 Homematic CCU2/CCU3 when the XML-API AddOn is installed up to version 1.2.0. The undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request, enabling Remote Code Execution by unauthenticated attackers who have access to the web int...
CVE-2019-14984
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request...
CVE-2017-18478
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)...
CVE-2017-18478
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)...
Design/Logic Flaw
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)...
CVE-2017-18478
Affected software: cPanel prior to 62.0.4. Vulnerability: incorrect ACL checks in xml-api for Rearrange Account actions, caused by an ACL bypass issue. Impact: potential improper access control. Mitigation: upgrade to 62.0.4 or later (as cited by cPanel and related CVE records). Notes: the connec...
CVE-2017-18478
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)...
Information disclosure
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API in PAN-OS and...
Information Disclosure in PAN-OS Management API Usage
An Information Disclosure vulnerability exists in PAN-OS Management API usage (Ref PAN-107239 and PAN-118869 / CVE-2019-1575). Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...
A vulnerability in the XML API software interface of the Cisco TelePresence Video Communication Server and the Cisco Expressway gateway software allows an attacker to cause a service failure.
The vulnerability in the XML API software interface of the Cisco TelePresence Video Communication Server and the Cisco Expressway gateway software is due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
CVE-2019-1720
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due...
Design/Logic Flaw
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due...
CVE-2019-1720 Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due...
CVE-2019-1720
Summary: Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) expose a denial-of-service vulnerability via their XML API. An authenticated remote attacker can send a crafted XML payload to trigger CPU resource exhaustion, causing DoS. Affected versions: all before X12.5...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due...
Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 2 (VA MN: 7.0.2-403, VA Agent: 7.0.2-189)
This hotfix for Virtuozzo Automator 7.0.2 provides stability and usability bug fixes. Vulnerability id: PVA-37045. The Management Node did not recognize bonded network during VLAN creation. Vulnerability id: PVA-37041. Could not create virtual network for a VLAN created by the Virtuozzo installer...