Jimoty 信任管理问题漏洞

Jimoty is a Web site of Jimoty Japan, Inc. It is used to provide help, information dissemination and other services to local people. Jimoty App for Android is vulnerable to a trust management issue, which exists due to hard-coded credentials in the application code. A local attacker could exploit...

CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API...

NumPy 安全漏洞

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...

Cvxopt 安全漏洞

Cvxopt is a freeware package for convex optimization based on the Python programming language. cvxopt A security vulnerability exists in cvxop 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...

An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification

...

Tibco Software TIBCO Spotfire Server 安全漏洞

Tibco Software TIBCO Spotfire Server is a suite of TIBCO Spotfire data analytics and mining tools based platforms from Tibco Software USA that provide integration, operation, and management for organizations. A security vulnerability exists in TIBCO Spotfire Server that allows a malicious custom...

GHSA-GFHX-JJWQ-63GV Cross-site Scripting in Apereo CAS

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

The vulnerability of the Web interface and API of the Cisco Application Policy Infrastructure Controller allows attackers to execute cross-site scripting attacks.

The vulnerability of the Cisco Application Policy Infrastructure Controller’s web interface and API exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVE-2021-36310

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service...

Dell Networking OS10 安全漏洞

Dell Networking OS10 is a Linux-based network switch operating system from Dell DELL U.S.A. An elevation of privilege vulnerability exists in Dell Networking OS10, which could be exploited by an attacker with specific API access to gain administrator privileges on the affected system...

CVE-2021-43563

An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to...

The vulnerability of the REST API interface of the system’s unified endpoint management console for VMware Workspace ONE UEM allows a attacker to trigger a service failure.

The vulnerability of the REST API interface of the Unified Management Console for VMware Workspace ONE UEM involves improper rate limiting at the endpoint level. Exploiting this vulnerability allows an attacker to cause service failures by sending a large number of requests...

PT-2021-22752 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.9.6 and later Description: An information disclosure issue in the GitLab CE/EE API allows a user to view basic information about private groups that a public project has been shared with. Recommendations: For GitLab...

Jeedom 安全漏洞

Jeedom is an open source home automation solution for the Internet of Things. Jeedom suffers from a security vulnerability that allows a remote attacker to bypass API access and retrieve user credentials...

GitLab 安全漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...

CVE-2021-38471

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...

PT-2021-22137 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: The issue concerns the product's failure to properly control resource allocation. This could allow a user to allocate unlimited memory buffers by utilizing API functions. Recommendations: A...

Delta Electronics DiaLink 跨站脚本漏洞

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

AZL-6708 CVE-2021-35597 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

AUVESY Versiondog 资源管理错误漏洞

AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. a resource management error vulnerability exists in AUVESY Versiondog, which can be exploited by attackers to allocate unlimited memory buffers using API functions...