
1444 matches found

BDU FSTEC
added 2021/12/03 12:0 a.m. · 2 views

The vulnerability of the Web interface and API of the Cisco Application Policy Infrastructure Controller allows attackers to execute cross-site scripting attacks.

The vulnerability of the Cisco Application Policy Infrastructure Controller’s web interface and API exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

5.4 CVSS · 5.6 AI score · 0.00599 EPSS
Exploits 0 · References 2
OSV
added 2021/11/20 2:15 a.m. · 7 views

CVE-2021-36310

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service...

4.9 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2021/11/20 12:0 a.m. · 3 views

Dell Networking OS10 security vulnerability

Dell Networking OS10 is a Linux-based network switch operating system from Dell (U.S.A.). An elevation of privilege vulnerability exists in Dell Networking OS10, which could be exploited by an attacker with specific API access to gain administrator privileges on the affected system...

8.8 CVSS · 5.7 AI score · 0.00875 EPSS
Exploits 0 · References 2
OSV
added 2021/11/10 4:15 p.m. · 3 views

CVE-2021-43563

An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to...

8.8 CVSS · 5.8 AI score · 0.00957 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2021/11/10 12:0 a.m. · 2 views

The vulnerability of the REST API interface of the system’s unified endpoint management console for VMware Workspace ONE UEM allows an attacker to trigger a service failure.

The vulnerability of the REST API interface of the Unified Management Console for VMware Workspace ONE UEM involves improper rate limiting at the endpoint level. Exploiting this vulnerability allows an attacker to cause service failures by sending a large number of requests...

7.8 CVSS · 7.4 AI score · 0.0093 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2021/11/04 12:0 a.m. · 2 views

PT-2021-22752 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.9.6 and later
Description: An information disclosure issue in the GitLab CE/EE API allows a user to view basic information about private groups that a public project has been shared with.
Recommendations: For GitLab...

4.3 CVSS · 4.1 AI score · 0.00944 EPSS
Exploits 0 · References 11
CNNVD
added 2021/11/01 12:0 a.m. · 4 views

Jeedom security vulnerability

Jeedom is an open source home automation solution for the Internet of Things. Jeedom suffers from a security vulnerability that allows a remote attacker to bypass API access and retrieve user credentials...

7.5 CVSS · 7.4 AI score · 0.02177 EPSS
Exploits 1 · References 3
CNNVD
added 2021/10/29 12:0 a.m. · 4 views

GitLab security vulnerability

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...

6.5 CVSS · 5.7 AI score · 0.01098 EPSS
Exploits 0 · References 6
OSV
added 2021/10/22 12:15 p.m. · 1 views

CVE-2021-38471

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...

9.1 CVSS · 5.8 AI score · 0.01039 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/10/22 12:0 a.m. · 2 views

PT-2021-22137 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified
Description: The issue concerns the product's failure to properly control resource allocation. This could allow a user to allocate unlimited memory buffers by utilizing API functions.
Recommendations: A...

8.1 CVSS · 7.8 AI score · 0.00745 EPSS
Exploits 0 · References 4
CNNVD
added 2021/10/21 12:0 a.m. · 2 views

Delta Electronics DiaLink cross-site scripting vulnerability

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

5.5 CVSS · 5.7 AI score · 0.11431 EPSS
Exploits 0 · References 5
OSV
added 2021/10/20 11:17 a.m. · 4 views

AZL-6708 CVE-2021-35597 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

6.5 CVSS · 6.7 AI score · 0.02207 EPSS
Exploits 0 · References 1
CNNVD
added 2021/10/19 12:0 a.m. · 1 views

AUVESY Versiondog resource management error vulnerability

AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. A resource management error vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to allocate unlimited memory buffers using API functions...

8.1 CVSS · 5.6 AI score · 0.00745 EPSS
Exploits 0 · References 5
OSV
added 2021/10/15 1:15 p.m. · 2 views

CVE-2021-38431

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users...

4.3 CVSS · 5.7 AI score
Exploits 0 · References 1
CNNVD
added 2021/10/07 12:0 a.m. · 3 views

Zammad information disclosure vulnerability

Zammad is an open source web-based help desk/customer support system. Versions prior to Zammad 4.1.1 are vulnerable to information disclosure. An attacker could exploit the vulnerability to obtain sensitive information via the REST API...

7.5 CVSS · 7.3 AI score · 0.01065 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/10/06 12:0 a.m. · 3 views

PT-2021-5118 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine affected versions not specified
Description: The issue is related to insufficient input validation for specific API endpoints in the REST API of Cisco Identity Services Engine. This could allow a remote attacker...

9.3 CVSS · 8.1 AI score · 0.01398 EPSS
Exploits 0 · References 5
OSV
added 2021/10/05 2:15 p.m. · 0 views

UBUNTU-CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

4.3 CVSS · 5.8 AI score · 0.00806 EPSS
Exploits 0 · References 5
OSV
added 2021/10/05 1:15 p.m. · 1 views

UBUNTU-CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

6.5 CVSS · 5.8 AI score · 0.00957 EPSS
Exploits 0 · References 5
Positive Technologies
added 2021/10/05 12:0 a.m. · 2 views

PT-2021-22722 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 and later
Description: The issue allows an attacker to see pending invitations of any public group or public project by visiting a specific "API endpoint".
Recommendations: For GitLab CE/EE versions 13.6 and later,...

5.3 CVSS · 5 AI score · 0.01134 EPSS
Exploits 0 · References 12
CNNVD
added 2021/09/21 12:0 a.m. · 3 views

VMware vCenter Server information disclosure vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. VMware vCenter Server is vulnerab...

7.5 CVSS · 8 AI score · 0.01616 EPSS
Exploits 0 · References 10