1533 matches found
CVE-2019-16513
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests...
CVE-2019-16517
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
IBM API Connect Weak Encryption Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM USA for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version 2018.4.1.7 that stems from the...
The vulnerability of the Intel Graphics Driver’s API driver component allows a hacker to trigger a service failure.
The vulnerability of the Intel Graphics Driver’s API driver component exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Intel Graphics Driver’s API driver component allows a hacker to disclose protected information.
The vulnerability of the Intel Graphics Driver’s API driver component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to disclose protected information...
The vulnerability of the REST API interface of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, allows a perpetrator to escalate their privileges and execute arbitrary code.
The vulnerability of the REST API interface of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, is related to insufficient validation of input data. Exploiting...
The vulnerability of the Firefox browser’s API component allows a hacker to replace the user interface.
The vulnerability of the Firefox browser’s API is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to replace the user interface using a specially crafted title parameter...
The vulnerability of Modicon microprogrammed control devices relates to the use of REST API commands for reading registers, which allows attackers to disclose sensitive information.
The vulnerability of Modicon microprogrammed controllers relates to the use of read commands from the REST API registers. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
IBM Cloud Orchestrator Security Bypass Vulnerability
IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. A...
foreman: authorization bypasses in foreman-tasks leading to information disclosure
An authentication bypass vulnerability was discovered in Foreman. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover ...
The vulnerability of the software for implementing the hypertext environment MediaWiki, related to the transmission of invalid headers in the API, allows a violator to cause a service failure.
The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the transmission of invalid headers in the API. Exploiting this vulnerability could allow a malicious actor to cause service failures...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
CVE-2019-17375
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517)...
Vulnerability in the container of Cisco REST API virtual services for the Cisco IOS XE operating system, which allows a perpetrator to gain access to the target system with administrator privileges
The vulnerability in the container of Cisco’s API virtual services for operating systems running on Cisco IOS XE is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to the target system with administrator privileges by...
CVE-2019-1296
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2019-34770)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
The vulnerability affects the web interface for managing the Cisco Integrated Management Controller (IMC) Supervisor, as well as tools for managing physical infrastructure and IaaS virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data. This allows a malicious actor to trigger a service failure.
The vulnerability in the web interface for managing the Cisco Integrated Management Controller (IMC) Supervisor, as well as in tools for managing physical infrastructure and IaaS virtual environments like Cisco UCS Director and Cisco UCS Director Express for Big Data, is related to the lack of...
CVE-2019-5634
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in...
CVE-2019-12634
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a...