Apex Softcell LD Geo security vulnerability
Apex Softcell LD Geo is an application from Apex Softcell. Apex Softcell LD Geo has a security vulnerability that stems from improper validation of transaction token IDs in the API endpoint...
CVE-2024-45790
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to...
CVE-2024-35151
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs...
Changing TCBServiSign security vulnerability
Changing TCBServiSign is a cross-platform security control component from Changing, China. A security vulnerability exists in Changing TCBServiSign versions prior to 1.0.24.0318, which stems from a specific API that does not correctly validate the length of server-side inputs, and allows an...
Xibo CMS SQL injection vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing authenticated users to obtain and modify arbitrary data from the database by injecting specially crafted values into the API...
WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability
Sensitive Data Exposure via API vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Tablesome versions <= 1.0.33...
PT-2024-24281 · Ibm · Ibm Mq
Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.0 LTS through 9.3 CD Description: The issue is caused by an error processing messages when an API Exit using MQBUFMH is used, leading to a denial of service attack in certain configurations. Recommendations: For IBM MQ...
PT-2024-20446
Name of the Vulnerable Software and Affected Versions: Bludit, affected versions not specified Description: The issue concerns the use of predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens, such as the API token and the user token. This allows attackers to...
PT-2024-21673 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers, affected versions not specified Description: The issue concerns a time-based blind XML External Entity (XXE) vulnerability in the XML parsing library used by the API endpoint of Toshiba printers. This vulnerability can be...
CVE-2024-37163 SkyScrape Secure API Requests
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0...
AZL-68069 CVE-2024-36951 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api ...
PT-2024-26504 · Irontec +1 · Sngrep +1
Name of the Vulnerable Software and Affected Versions: Irontec Sngrep version 1.8.1 Description: The issue is a heap buffer overflow that can be triggered via the rtp_check_packet function, located at /sngrep/src/rtp.c. This allows attackers to cause a Denial of Service (DoS) by sending a crafted S...
PT-2024-7078 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.4 through 17.2.8 GitLab EE/CE versions 17.3 through 17.3.4 GitLab EE/CE versions 17.4 through 17.4.1 Description: The issue is related to errors in the representation of given functions in the GitLab platform, allowin...
Paperless-ngx security vulnerability
Paperless-ngx is a document management system from paperless-ngx open source. A security vulnerability exists in Paperless-ngx versions 2.5.0 through 2.8.6, which stems from remote user authentication allowing API access even when API access is explicitly disabled...
PT-2024-22285 · Phoenix Contact · Charx Sec-3100
Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100, affected versions not specified Description: A low privileged remote attacker can exploit a command injection vulnerability in the API, which allows remote code execution as the user-app user due to improper inp...
Apache Superset security vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache Software Foundation. A security vulnerability exists in Apache Superset versions prior to 3.1.2, which can be exploited by an authenticated attacker to access metadata from data sources they are not authorized to vie...
PT-2024-25199 · Tvs · Tvs Connect Ios +1
Name of the Vulnerable Software and Affected Versions: TVS Connect Android version 4.5.1 and TVS Connect iOS version 5.0.0 Description: An issue in TVS Connect allows a remote attacker to obtain sensitive information via an insecure API endpoint. Recommendations: For TVS Connect Android version 4.5.1,...
Ollama security vulnerability
Ollama is an open source tool for running large language models locally. A security vulnerability exists in Ollama versions prior to 0.1.29 that stems from a DNS rebinding weakness which could inadvertently allow remote access to the full API, which...
PT-2024-23403 · WordPress · Wordpress Announcement & Notification Banner Plugin – Bulletin
Name of the Vulnerable Software and Affected Versions: WordPress Announcement & Notification Banner Plugin – Bulletin versions 3.8.5 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allo...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information about whether the high-order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher- or Manger-style attack against all RSA decryption operations. As the leak happens...