ALEOS API Abuse Vulnerability
ALEOS is an integrated development environment for building customized embedded M2M applications. An API abuse vulnerability exists in the AT Command API in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which stems from a lack of length checking when processing certain user-supplied values, a...
Cisco Data Center Network Manager REST API Endpoint Input Validation Error Vulnerability
Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An input validation error vulnerability exists in the REST API endpoint in Cisco...
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...
The vulnerability of Cisco UCS Director, a management tool for physical infrastructure and virtual environments, stems from the lack of protection for service data. This allows attackers to exploit the system to disclose sensitive information that should be protected.
The vulnerability of the Cisco UCS Director tool for managing physical infrastructure and virtual environments is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information by sending a...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-52022)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1 and 4.0.5. An attacker can exploit the vulnerability by adding a DEBUG line to the log with the help of the loggin...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-48235)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to gain privileges by accessing API endpoints...
Mattermost Server Access Privilege Vulnerability
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. An attacker can exploit the vulnerability to gain access to API endpoints after a...
PT-2020-8461
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2; Mattermost Server versions prior to 3.7.5; Mattermost Server versions prior to 3.6.7. Description: An issue was discovered in Mattermost Server. After a restart of a server, an attacker might suddenly...
Cisco UCS Director Information Disclosure Vulnerability
Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS) from Cisco. An information disclosure vulnerability exists in the REST API in Cisco UCS Director versions prior to 6.7.4.0, which stems from an API response displaying confidential information. A...
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current thread's context class loader
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
Cisco IOS XE Privilege Permission and Access Control Issues Vulnerability (CNVD-2020-31976)
Cisco IOS XE is an operating system developed by the US company Cisco for its network equipment. A privilege-granting and access-control issue vulnerability exists in the authorization control of the Cisco IOx application hosting infrastructure in Cisco IOS XE 16.3.1 and later...
Cisco Unified Contact Center Express Authorization Issues Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An authorization issue vulnerability exists...
CVE-2020-3333
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...
CVE-2020-3333 Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...
CVE-2020-12142
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
UBUNTU-CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...
PT-2020-13088 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9. Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...
CVE-2020-5563
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker to obtain further information about the implementation of the offering. IBM X-Force ID: 173311...