1533 matches found
IBM Spectrum Scale Security Vulnerability
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product helps clients reduce storage costs while improving security and management efficiency in...
IBM API Connect Security Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to be able to use ...
Aruba Networks AirWave Management Platform SQL Injection Vulnerability
Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. An SQL injection vulnerability exists in the API of Aruba Networks...
Datadog API Security Vulnerability
datadog-api-client-java is an open source application on GitHub. It provides a Java API interface. A security vulnerability exists in the Datadog API before version 1.0.0-beta.9, which stems from a local disclosure of sensitive information downloaded...
GitHub Enterprise Server Security Vulnerability
GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows authenticated users of an instance to gain write access to unauthorized repositories via specially crafted pull requests and REST API...
The vulnerability of the API component of the Cisco ACI Multi-Site Orchestrator (MSO) allows an attacker to obtain a token with administrator privileges.
The vulnerability of the API component of the Cisco ACI Multi-Site Orchestrator (MSO) exists due to improper verification of tokens after they are released. Exploiting this vulnerability can allow an attacker who operates remotely to obtain tokens with administrator privileges...
CVE-2021-1388
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...
CVE-2021-27228
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
The vulnerability of the APIs of the Oracle Installed Base information storage center component of the Oracle E-Business Suite, which exists due to insufficient verification of input data, allows a perpetrator to modify the data.
The vulnerability of the APIs of the Oracle Installed Base information storage center component in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to modify, add, or...
OESA-2021-1016 tpm2-tss security update
tpm2-tss is a software stack supporting Trusted Platform Module (TPM) 2.0 system APIs, which provides TPM 2.0 specified APIs for applications to access the TPM module through kernel TPM drivers. Security Fixes: No description is available for this CVE (CVE-2020-24455)...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins (POCs). 2. Plugin...
Cisco DNA Center Security Vulnerability
Cisco DNA Center is the network management and command center for Cisco DNA. An information disclosure vulnerability exists in the Configuration Archiving feature in Cisco DNA Center versions prior to 2.1.2.0. The vulnerability stems from the fact that configuration archive files are stored in...
PYSEC-2021-876
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface...
Apache DolphinScheduler Permission License and Access Control Issues Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation. A security vulnerability exists in Apache DolphinScheduler prior to 1.3.2, which allows normal users to override other users' passwords via the API interface...
Tenda AC6 Denial of Service Vulnerability
Tenda AC6 is an AC1200 model intelligent dual-band WiFi router. A denial of service vulnerability exists in Tenda AC6 15.03.06.51multi. An attacker can exploit this vulnerability by sending a large HTTP POST request to the Change Password API to cause the router to crash and enter an infinite boo...
Solarwinds Orion Platform Authorization Issues Vulnerability
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user comments, and a mapped view of the entire network. The...
The vulnerability of the REST API interface implementation of the Cisco Industrial Network Director software package allows an attacker to trigger a service failure.
The vulnerability of the REST API interface implementation of the Cisco Industrial Network Director software is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Multiple vulnerabilities exist in the API subsystem of the Cisco Integrated Management Controller, a remote management device for servers. These vulnerabilities allow an attacker to execute arbitrary code.
The multiple vulnerabilities of the API subsystem of the Cisco Integrated Management Controller remote management server are related to operations that go beyond the buffer in memory. Exploitation of these vulnerabilities could allow a malicious actor to execute arbitrary code using specially...
The vulnerability of the REST API interface of the Cisco IoT Field Network Director software allows a perpetrator to gain unauthorized access to protected information, enabling read, modify, or delete operations on data.
The vulnerability of the REST API interface of the Cisco IoT Field Network Director software lies in the absence of an authentication mechanism for accessing the database. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected informatio...
Cisco IoT Field Network Director File Overwrite Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A file overwrite vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from inadequate file system protection. An attacker can exploit the...