
1442 matches found

CNVD
added 2020/09/28 12:0 a.m. (2 views)

cPanel cross-site scripting vulnerability (CNVD-2020-54779)

cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 90.0.10, which stems from self XSS that allows the...

CVSS: 6.1, AI score: 6, EPSS: 0.00641
Exploits: 0, References: 1

BDU FSTEC
added 2020/09/22 12:0 a.m. (3 views)

The vulnerability in the software interface of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server’s API packages allows a perpetrator to execute arbitrary code.

The vulnerability of the software interface APIs of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS: 9.9, AI score: 8.1, EPSS: 0.01954
Exploits: 0, References: 2

OSV
added 2020/09/14 10:15 p.m. (0 views)

UBUNTU-CVE-2020-13297

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint...

CVSS: 5.4, AI score: 6, EPSS: 0.01029
Exploits: 0, References: 3

CNVD
added 2020/09/04 12:0 a.m. (1 view)

IBM API Connect Phishing Attack Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. A phishing attack vulnerability exists in IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an attacker to conduct a phishing attack by tricking the server into generating a user registration email...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01051
Exploits: 0, References: 1

RedHat Linux
added 2020/08/27 4:3 p.m. (3 views)

CloudForms: User Impersonation in the API for OIDC and SAML

A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request...

CVSS: 9.1, AI score: 5.7, EPSS: 0.01087
Exploits: 0, References: 5

BDU FSTEC
added 2020/08/26 12:0 a.m. (3 views)

The vulnerability of the kernel API of Windows operating systems allows attackers to enhance their privileges within the target system.

The vulnerability of the Windows operating system’s kernel API arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a hacker to enhance their privileges in the target system through a specially created application...

CVSS: 7.8, AI score: 7.4, EPSS: 0.01392
Exploits: 0, References: 3

CNVD
added 2020/08/24 12:0 a.m. (3 views)

ALEOS API Abuse Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. An API abuse vulnerability exists in the AT Command API in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which stems from a lack of length checking when processing certain user-supplied values, a...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01086
Exploits: 0, References: 1

CNVD
added 2020/08/20 12:0 a.m. (1 view)

Cisco Data Center Network Manager REST API Endpoint Input Validation Error Vulnerability

Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An input validation error vulnerability exists in the REST API endpoint in Cisco...

CVSS: 8.1, AI score: 7, EPSS: 0.00502
Exploits: 0, References: 1

OSV
added 2020/07/07 3:15 p.m. (6 views)

CVE-2019-4323

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...

CVSS: 4.3, AI score: 5.8
Exploits: 0, References: 2

BDU FSTEC
added 2020/07/03 12:0 a.m. (5 views)

The vulnerability of Cisco UCS Director, a management tool for physical infrastructure and virtual environments, stems from the lack of protection for service data. This allows attackers to exploit the system to disclose sensitive information that should be protected.

The vulnerability of the Cisco UCS Director tool for managing physical infrastructure and virtual environments is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information by sending a...

CVSS: 6.8, AI score: 5.5, EPSS: 0.01076
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2020/06/22 12:0 a.m. (2 views)

Unspecified Vulnerability in Mattermost Server (CNVD-2020-52022)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1 and 4.0.5. An attacker can exploit the vulnerability by adding a DEBUG line to the log with the help of the loggin...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00769
Exploits: 0, References: 1

CNVD
added 2020/06/22 12:0 a.m. (5 views)

Unspecified Vulnerability in Mattermost Server (CNVD-2020-48235)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to gain privileges by accessing API endpoints...

CVSS: 9.8, AI score: 7.1, EPSS: 0.01175
Exploits: 0, References: 1

CNVD
added 2020/06/22 12:0 a.m. (3 views)

Mattermost Server Access Privilege Vulnerability

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. An attacker can exploit the vulnerability to gain access to API endpoints after a...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01184
Exploits: 0, References: 1

Positive Technologies
added 2020/06/19 12:0 a.m. (5 views)

PT-2020-8461

Name of the Vulnerable Software and Affected Versions:
Mattermost Server versions prior to 3.8.2
Mattermost Server versions prior to 3.7.5
Mattermost Server versions prior to 3.6.7

Description: An issue was discovered in Mattermost Server. After a restart of a server, an attacker might suddenly...

CVSS: 9.9, AI score: 5.9, EPSS: 0.27661
Exploits: 44, References: 117

CNVD
added 2020/06/18 12:0 a.m. (3 views)

Cisco UCS Director Information Disclosure Vulnerability

Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS) from Cisco. An information disclosure vulnerability exists in the REST API in Cisco UCS Director versions prior to 6.7.4.0, which stems from an API response displaying confidential information. A...

CVSS: 4.9, AI score: 6.3, EPSS: 0.01076
Exploits: 0, References: 1

RedHat Linux
added 2020/06/11 9:3 a.m. (1 view)

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

CVSS: 4.4, AI score: 5.8, EPSS: 0.00269
Exploits: 0, References: 4

OSV
added 2020/06/08 4:15 p.m. (2 views)

CVE-2020-9042

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00576
Exploits: 0, References: 1

CNVD
added 2020/06/04 12:0 a.m. (3 views)

Cisco IOS XE Privilege Permission and Access Control Issues Vulnerability (CNVD-2020-31976)

Cisco IOS XE is an operating system developed by the US company Cisco for its network equipment. A privilege-granting and access-control issue vulnerability exists in the authorization control of the Cisco IOx application hosting infrastructure in Cisco IOS XE 16.3.1 and later...

CVSS: 10, AI score: 7.5, EPSS: 0.03408
Exploits: 0, References: 1

CNVD
added 2020/06/04 12:0 a.m. (3 views)

Cisco Unified Contact Center Express Authorization Issues Vulnerability

Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An authorization issue vulnerability exists...

CVSS: 7.1, AI score: 6.7, EPSS: 0.00806
Exploits: 0, References: 1

OSV
added 2020/06/03 6:15 p.m. (2 views)

CVE-2020-3333

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...

CVSS: 5.3, AI score: 6.1, EPSS: 0.0104
Exploits: 0, References: 1