Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2016-06424)

Cisco Unified Communications Manager CUCM, Unified CM is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure hole exists in the...

foreman: API and UI actions/URLs not limited to the orgs/locations assigned

It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to...

IBM API Connect and NPM Remote Information Disclosure Vulnerability

IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A security vulnerability exists in IBM API Connect and NPM that allows remote attack attackers to submit special requests to obtain sensiti...

Foreman API and UI Privilege Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A privilege-lifting vulnerability exists in the Foreman API and UI. When a restricted user from a specif...

The vulnerabilities in Acrobat software allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in the Acrobat API due to the access to unmaped memory. Exploiting this vulnerability allows attackers to execute arbitrary code by using API calls...

Red Hat Satellite SQL Injection Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in the 'sortby' and 'sortorder' parameters...

CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability

CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...

CVE-2016-3655

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call...

Palo Alto Networks PAN-OS Command Injection Vulnerability (CNVD-2016-02034)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS. Due to the program failing to properly parse the input of an API call. An attacker could exploit this vulnerability to...

RabbitMQ: /api/... XSS vulnerability

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...

RabbitMQ: /api/... XSS vulnerability

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...

server: build config to a strategy that isn't allowed by policy

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the buil...

IBM Maximo Asset Management Information Disclosure Vulnerability

IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. An information disclosure vulnerability exists in IBM Maximo Asset Management. It allows remote authenticated users to access sensitive information via a REST API...

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol SOAP application programming interface API of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...

Vulnerability of the Java Platform software platform, allowing attackers to modify data

The vulnerability of the Security sub-component in JRockit and Java Platform software platforms is related to errors in the code. Exploiting this vulnerability allows a malicious actor to modify data using specially crafted data for the API function...

Vulnerability in Newphoria MEGAPHONE MUSIC application

Newphoria MEGAPHONE MUSIC application for Android and iOS is a suite of music player applications based on the Android and iOS platforms from Newphoria Japan. A security vulnerability exists in the Newphoria MEGAPHONE MUSIC application for Android and iOS. The vulnerability can be exploited by an...

OpenShift: Malformed JSON can cause API process crash

It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master process...

foreman: API not scoping resources to taxonomies

A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access...

The vulnerability of the Apache HTTP Server web server allows attackers to circumvent existing access restrictions.

The vulnerability of the apsomeauthrequired function in the server/request.c component of the Apache HTTP Server is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions due to the...

The vulnerability of the Adobe Reader DC PDF viewer program, which allows a hacker to circumvent access restrictions

The vulnerability of the Adobe Reader DC PDF viewer program is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass restrictions on access to the JavaScript API...