1533 matches found

CNNVD
added 2021/07/21 12:0 a.m. · 3 views

Dell NetWorker security vulnerability

DELL EMC NetWorker is a unified backup and recovery software suite from Dell (USA). The software provides backup and recovery, deduplication, backup reporting, and other features. A security vulnerability exists in DELL EMC NetWorker that originates from an improper implementati...

6.5 CVSS · 6.6 AI score · 0.00236 EPSS
Exploits 0 · References 3

Fedora
added 2021/07/16 1:0 a.m. · 40 views

[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34

This software is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kerne...

8.8 CVSS · 7.9 AI score · 0.0542 EPSS
Exploits 0

OSV
added 2021/07/15 4:15 p.m. · 1 view

DEBIAN-CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

8.8 CVSS · 7.3 AI score · 0.00354 EPSS
Exploits 1 · References 1

Positive Technologies
added 2021/06/27 12:0 a.m. · 2 views

PT-2021-6527 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.15 and earlier; MediaWiki versions 1.32.x through 1.35.x before 1.35.3; MediaWiki versions 1.36.x before 1.36.1. Description: The issue concerns unintended API access for bots in MediaWiki. When a bot account has a...

9.8 CVSS · 6.4 AI score · 0.034 EPSS
Exploits 19 · References 107

Prion
added 2021/06/25 7:15 p.m. · 16 views

Remote code execution

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The...

5.1 CVSS · 7.2 AI score · 0.00529 EPSS
Exploits 0 · References 2 · Affected Software 3

OSV
added 2021/05/26 9:15 p.m. · 1 view

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2021/05/26 12:15 p.m. · 2 views

CVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 3

BDU FSTEC
added 2021/05/19 12:0 a.m. · 1 view

The vulnerability of the programmatically defined Cisco SD-WAN API component allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the programmable Cisco SD-WAN API component is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

6.4 CVSS · 0.00148 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2021/05/19 12:0 a.m. · 1 view

The vulnerability of the API sub-component of the Oracle Installed Base component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the API sub-component of the Oracle Installed Base component in the Oracle E-Business Suite system for automating business operations is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device...

8.5 CVSS · 0.01221 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2021/05/06 12:0 a.m. · 2 views

Cisco SD-WAN vManage Software resource management error vulnerability

Cisco SD-WAN vManage Software is management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco. A denial of service vulnerability exists in the API of Cisco SD-WAN vManage, which stems from insufficient handling of API requests and can be exploited by an attacker to cau...

9.8 CVSS · 5.6 AI score · 0.01891 EPSS
Exploits 0 · References 3

OSV
added 2021/04/30 8:15 p.m. · 1 view

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...

6.5 CVSS · 6.6 AI score · 0.00147 EPSS
Exploits 1 · References 1

CNNVD
added 2021/04/30 12:0 a.m. · 3 views

CubeCoders AMP security vulnerability

AMP is a software application for tracking all issues and bugs within the CubeCoders AMP platform. A security vulnerability exists in CubeCoders AMP 2.1.x versions prior to 2.1.1.2 that allows an authenticated remote user to open a port in the local system firewall by writing an HTTPS...

6.5 CVSS · 6.6 AI score · 0.00147 EPSS
Exploits 1 · References 2

CNNVD
added 2021/04/29 12:0 a.m. · 2 views

China Mobile An Lianbao WF-1 command injection vulnerability

The China Mobile An Lianbao WF-1 is a router from China Mobile (China). A security vulnerability exists in China Mobile An Lianbao WF-1 1.01, which originates from a POST request to api ZRQos to set up an online client via the "ip" parameter...

9.8 CVSS · 8.3 AI score · 0.05096 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2021/04/21 12:0 a.m. · 1 view

The vulnerability of the ABAP Server component of the SAP NetWeaver software integration platform allows a hacker to inject arbitrary code.

The vulnerability of the ABAP Server component of the SAP NetWeaver software integration platform is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely...

8.7 CVSS · 0.00585 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2021/04/12 12:0 a.m. · 4 views

PT-2021-15763

Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3; Thrive Comments WordPress plugin versions prior to 1.4.15.3; Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3; Thrive Leads WordPress plugin versions prior to 2.3.9...

5.3 CVSS · 6.4 AI score · 0.16356 EPSS
Exploits 2 · References 5

CNNVD
added 2021/04/09 12:0 a.m. · 2 views

MediaWiki permissions and access control vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...

4.3 CVSS · 5.5 AI score · 0.00374 EPSS
Exploits 1 · References 14

CNNVD
added 2021/04/08 12:0 a.m. · 2 views

Dolby DAX2 API Service code issue vulnerability

The Dolby DAX2 API Service is an audio service component from Dolby Laboratories (USA). A code issue vulnerability exists in Dolby Audio X2 (DAX2) API service versions prior to 0.8.8.90 that allows local users to gain privileges...

7.8 CVSS · 7.5 AI score · 0.00048 EPSS
Exploits 0 · References 3

OSV
added 2021/04/02 5:15 p.m. · 1 view

UBUNTU-CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API...

4.3 CVSS · 5.8 AI score · 0.00156 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/04/02 12:0 a.m. · 2 views

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4; GitHub Enterprise Server versions prior to 2.22.10; GitHub Enterprise Server versions prior to 2.21.18. Description: An improper access control issue was identified that allowed access tokens...

6.5 CVSS · 6.6 AI score · 0.00226 EPSS
Exploits 0 · References 5

CNNVD
added 2021/04/01 12:0 a.m. · 2 views

GitHub node-etsy-client information disclosure vulnerability

GitHub node-etsy-client is an open source application on GitHub, a Node.js Etsy REST API client. A security vulnerability exists in node-etsy-client that stems from the fact that a reported client-side error will also provide the API key value...

8.1 CVSS · 7 AI score · 0.00314 EPSS
Exploits 0 · References 4