58 matches found
PT-2023-20332 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB (affected versions not specified). Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...
CVE-2022-43719
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Cross site request forgery (csrf)
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2021-29245
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...
Design/Logic Flaw
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...
CVE-2021-29245
BTCPay Server prior to or including 1.0.7.0 uses a weak method (Next) to generate pseudo-random values for a legacy API key, which is the root cause of this CVE. The supplied connected documents confirm the affected product/version and the underlying issue; no explicit exploitation details or rem...
CVE-2020-9979
A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...
Design/Logic Flaw
A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...
CVE-2020-9979
CVE-2020-9979 affects Apple platforms (iOS, iPadOS, tvOS) where a trust issue was addressed by removing a legacy API. The Apple advisories indicate the issue could allow an attacker to misuse a trust relationship to download malicious content. Remediation provided in the public disclosures is upg...
Grandstream UCM6200 Series OS Command Injection Vulnerability (CNVD-2020-44352)
The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. This vulnerability can be exploited by an attacker to execute commands as root by...
Node.js: url.parse() hostname spoofing via javascript: URIs
Summary: Using url.parse in security sensitive checks is dangerous as an arbitrary hostname can be spoofed via javascript: URIs. Description: The original url.parse API is dangerous as it allows to spoof an arbitrary hostname via a javascript: URI: bash $ node -e...
Vimeo: Legacy API exposes private video titles
Hi, I have discovered Vimeo's legacy API vimeo.com/api exposes private video titles. Example URL: https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/152133387 Vimeo provides the uploader with 5 privacy options for viewing videos: 1. Anyone 2. Only me 3. Only people I follow 4. Only people ...
ownCloud Multiple Vulnerabilities -01 (Feb 2015)
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...
Bitly Compromised, Users Urged to Change Passwords
Link shortening service Bitly informed its users Thursday that it believes user credentials – passwords, API keys and OAuth tokens – have been compromised. While the company claims there’s no real indication that any accounts were accessed without authorization, in a post on its blog the company...