1444 matches found

CNNVD
added 2023/09/27 12:0 a.m. · 5 views

JumpServer Information Disclosure Vulnerability

JumpServer is an open source bastion host from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer has an information disclosure vulnerability caused by exposing random number seeds to the API, which could allow replay of randomly generated CAPTCHAs, leading to password...

CVSS 8.2 · AI score 6.3 · EPSS 0.05404
Exploits 4 · References 3

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

A vulnerability in the application software interface of the microprogramming system for controller security and session management in IP networks, OpenScape SBC (Session Border Controller), of the software tool for integrating communication systems into a unified communication system, OpenScape BCF (Business Communication Fabric), and of the OpenScape Branch server allows a perpetrator to execute arbitrary PHP code.

The vulnerability of the application programming interface of microprogramming software for controlling security and managing communication sessions in IP networks, the OpenScape SBC Session Border Controller, a software tool for integrating communication systems into a unified communication...

CVSS 9 · AI score 8.3 · EPSS 0.03397
Exploits 3 · References 3

Microsoft CVE
added 2023/09/14 7:0 a.m. · 3 views

Undefined Behavior for Input to API in Mutt

...

CVSS 5.7 · AI score 5.4 · EPSS 0.00506
Exploits 0

BDU FSTEC
added 2023/09/08 12:0 a.m. · 4 views

A vulnerability in the local management platform FortiSwitchManager, related to errors in access control, allows an attacker to modify settings by sending commands through the application programming interface.

The vulnerability of the FortiSwitchManager local management platform is related to errors in access control. Exploiting this vulnerability allows a malicious actor to make changes to settings by sending commands through the application programming interface...

CVSS 7.5 · AI score 5.5 · EPSS 0.00382
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/09/08 12:0 a.m. · 2 views

The vulnerability of the iperf function in the application software interface for ASUS RT-AX55, RT-AX56U, and RT-AC86U routers allows a hacker to execute arbitrary code.

The vulnerability of the iperf function in the application programming interface for ASUS RT-AX55, RT-AX56UV2, and RT-AC86U routers is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

CVSS 10 · AI score 8.2 · EPSS 0.01158
Exploits 0 · References 8 · Affected Software 3

CNNVD
added 2023/09/07 12:0 a.m. · 3 views

Fortinet FortiSwitchManager Security Vulnerability

Fortinet FortiSwitchManager is a network switch management tool from Fortinet designed to help organizations manage their FortiSwitch family of network switches. An improper access control vulnerability exists in Fortinet FortiSwitchManager. The vulnerability is caused by a flawed authentication...

CVSS 7.1 · AI score 6.8 · EPSS 0.00382
Exploits 0 · References 2

CNNVD
added 2023/09/07 12:0 a.m. · 4 views

ASUS RT-AX56U Format String Error Vulnerability

The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a Format String Error vulnerability that stems from a format string vulnerability found in the iperf client function API...

CVSS 7.2 · AI score 6.8 · EPSS 0.01158
Exploits 0 · References 2

CNNVD
added 2023/09/06 12:0 a.m. · 1 views

WireMock security vulnerability

WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a security vulnerability that stems from vulnerability to DNS rebinding attacks...

CVSS 6.6 · AI score 6.8 · EPSS 0.00571
Exploits 0 · References 3

Positive Technologies
added 2023/09/01 12:0 a.m. · 2 views

PT-2023-17071 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.1.4; GitLab versions 16.2 through 16.2.4; GitLab versions 16.3 through 16.3.0. Description: An issue has been discovered in GitLab where a namespace-level banned user can access the API. Recommendations: For GitLa...

CVSS 4.3 · AI score 6.6 · EPSS 0.00387
Exploits 0 · References 11

CNNVD
added 2023/09/01 12:0 a.m. · 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that user...

CVSS 4.3 · AI score 7 · EPSS 0.00387
Exploits 0 · References 4

BDU FSTEC
added 2023/08/23 12:0 a.m. · 5 views

The administration panel of the Ivanti Sentry integrated mobile security firewall has vulnerabilities. These vulnerabilities allow an intruder to modify configurations, execute system commands, or write files to the system.

The vulnerability of the administration panel of the Ivanti Sentry integrated mobile security gateway is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify configurations, execute system commands, or write files to the syst...

CVSS 10 · AI score 8.2 · EPSS 0.99949
Exploits 6 · References 5 · Affected Software 1

OSV
added 2023/08/22 7:16 p.m. · 3 views

CVE-2023-24515

Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not check the URL scheme used while retrieving the API URL. Rather than validating the http/https scheme, the application allows other schemes such as file, which could allow a malicious user to...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 2

CNNVD
added 2023/08/22 12:0 a.m. · 2 views

Artica Pandora FMS Code Issue Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery (SSRF) vulnerability in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00427
Exploits 0 · References 3

Positive Technologies
added 2023/08/15 12:0 a.m. · 3 views

PT-2023-28767 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller (affected versions not specified). Description: The Broadcom RAID Controller web interface is vulnerable to a Denial of Service (DoS) that can be caused by an authenticated user to the REST API Interface. Recommendations: ...

AI score 6.1
Exploits 0 · References 7

OSV
added 2023/08/09 4:15 a.m. · 2 views

CVE-2023-38751

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2

CNNVD
added 2023/08/08 12:0 a.m. · 5 views

Qualcomm Chipsets Code Issue Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in the Qualcomm Chipsets that originates from a memory corruption in the Trusted Execution Environment when a service API is called with an invalid address...

CVSS 7.8 · AI score 7 · EPSS 0.00117
Exploits 0 · References 2

OSV
added 2023/08/03 1:15 a.m. · 4 views

CVE-2023-33368

Some API routes exist in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

CVSS 6.5 · AI score 5.8 · EPSS 0.00541
Exploits 0 · References 2

CNNVD
added 2023/08/03 12:0 a.m. · 4 views

Control ID IDSecure Security Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the presence of a number of API routes, thereby disclosing sensiti...

CVSS 6.5 · AI score 6.5 · EPSS 0.00541
Exploits 0 · References 3

OSV
added 2023/08/02 3:15 p.m. · 2 views

CVE-2023-23476

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...

CVSS 6.5 · AI score 5.8 · EPSS 0.00417
Exploits 0 · References 2

Positive Technologies
added 2023/08/02 12:0 a.m. · 5 views

PT-2023-20643 · Unknown · Ox Count Web Service

Name of the Vulnerable Software and Affected Versions: OX Count web service (affected versions not specified). Description: The issue arises from the OX Count web service not specifying a media-type when processing responses from external resources. This allows malicious script code to be executed...

CVSS 5.4 · AI score 5.6 · EPSS 0.00665
Exploits 0 · References 6