Total.js CMS Elevation of Privilege Vulnerability
Total.js CMS is a Node.js content management system. Total.js CMS 12.0.0 suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain access to other resources by calling the associated API...
Vanilla: Conversation API Leaks Details Of UnAuthorized Conversations
Summary: If a user creates a conversation and then leaves it, all API calls and web access to that conversation are locked down, except for one particular API call which allows you to see details about ongoing conversations you have since left, as long as you created the conversation in the first...
Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger
UPDATE Researchers have uncovered vulnerabilities in a popular smart deadbolt that could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. The...
PT-2019-7144 · Red Hat · Foreman
Name of the Vulnerable Software and Affected Versions: foreman versions 1.x.x before 1.15.6 Description: The issue is related to improper enforcement of access controls on certain resources in foreman, within Satellite 6. An attacker with access to the API and knowledge of the resource name can...
Flexible and Controlled Openness: Carbon Black’s API Approach
At Carbon Black, we believe that making our customers successful requires both an open platform and the control they need to build endpoint protection into the ideal security processes they’ve designed for their specific organization. From maintaining relationships with our 100+ integration...
Mozilla: Same-origin policy treats all files in a directory as having the same-origin
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Information Disclosure
sonarqube is vulnerable to information disclosure. Improperly configured access controls on the API allow an attacker to discover valid user account logins...
CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should only be used for retrieving the instances' SSL certificates, they nevertheless grant full API access and can be used to perform any API operation the user is authorized to perform...
DEBIAN-CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should only be used for retrieving the instances' SSL certificates, they nevertheless grant full API access and can be used to perform any API operation the user is authorized to perform...
Design/Logic Flaw
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should only be used for retrieving the instances' SSL certificates, they nevertheless grant full API access and can be used to perform any API operation the user is authorized to perform...
UBUNTU-CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should only be used for retrieving the instances' SSL certificates, they nevertheless grant full API access and can be used to perform any API operation the user is authorized to perform...
CVE-2016-7404
CVE-2016-7404 affects OpenStack Magnum where credentials are passed into Heat templates for instance creation. The underlying issue is that these credentials, intended for SSL certificate retrieval, can be exploited to perform any API operation the user is authorized to perform, enabling full API...
Uber: [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo
A username and certificate were found that allow API access to Phabricator on code.uberinternal.com. This API access could give away source code and the private Phabricator instance of Uber...
Information Disclosure
Pulp is vulnerable to information disclosure. An attacker with API access can view sensitive credentials when triggering a task via distributor/importer...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, due to missing checks for .. in a pathname. This creates an unrestricted API exposure that could allow an unauthenticated remote attacker to perform unauthorized actions via the API. The issue is patched in the 2.4 branch, with 2.5....
TIBCO Security Advisory: April 24, 2019 - TIBCO BPM Enterprise -2019-11203
TIBCO BPM Enterprise Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities. Original release date: April 24, 2019. Last revised: CVE-2019-11203. Source: TIBCO Software Inc. TIBCO ActiveMatrix BPM Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities. Original release date:...