58 matches found

Positive Technologies
added 2023/05/03 12:0 a.m. · 3 views

PT-2023-20332 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB affected versions not specified Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...

8.2 CVSS · 6.1 AI score · 0.00904 EPSS
Exploits 0 · References 7

NVD
added 2023/01/16 11:15 a.m. · 27 views

CVE-2022-43719

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

8.8 CVSS · 8.6 AI score · 0.00567 EPSS
Exploits 0 · References 1

Prion
added 2023/01/16 11:15 a.m. · 18 views

Cross site request forgery (csrf)

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

6.8 CVSS · 8.6 AI score · 0.00567 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2021/05/05 1:15 p.m. · 10 views

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

5.3 CVSS · 0.00945 EPSS
Exploits 0 · References 2

OSV
added 2021/05/05 1:15 p.m. · 12 views

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

5.3 CVSS · 6.8 AI score
Exploits 0 · References 2

Prion
added 2021/05/05 1:15 p.m. · 14 views

Design/Logic Flaw

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

5 CVSS · 5.3 AI score · 0.00945 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2021/05/05 12:25 p.m. · 43 views

CVE-2021-29245

BTCPay Server prior to or including 1.0.7.0 uses a weak method (Next) to generate pseudo-random values for a legacy API key, which is the root cause of this CVE. The supplied connected documents confirm the affected product/version and the underlying issue; no explicit exploitation details or rem...

5.3 CVSS · 5.2 AI score · 0.00945 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/05/05 12:25 p.m. · 13 views

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

6.6 AI score · 0.00945 EPSS
Exploits 0 · References 2

NVD
added 2020/10/27 9:15 p.m. · 20 views

CVE-2020-9979

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...

5.5 CVSS · 4.7 AI score · 0.00406 EPSS
Exploits 0 · References 4

OSV
added 2020/10/27 9:15 p.m. · 0 views

CVE-2020-9979

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...

5.5 CVSS · 6.7 AI score · 0.00406 EPSS
Exploits 0 · References 4

Prion
added 2020/10/27 9:15 p.m. · 16 views

Design/Logic Flaw

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...

2.1 CVSS · 5.9 AI score · 0.00406 EPSS
Exploits 0 · References 4 · Affected Software 3

Cvelist
added 2020/10/27 8:52 p.m. · 25 views

CVE-2020-9979

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...

6 AI score · 0.00406 EPSS
Exploits 0 · References 4

CVE
added 2020/10/27 8:52 p.m. · 93 views

CVE-2020-9979

CVE-2020-9979 affects Apple platforms (iOS, iPadOS, tvOS) where a trust issue was addressed by removing a legacy API. The Apple advisories indicate the issue could allow an attacker to misuse a trust relationship to download malicious content. Remediation provided in the public disclosures is upg...

5.5 CVSS · 5.5 AI score · 0.00406 EPSS
Exploits 0 · References 4 · Affected Software 3

CNVD
added 2020/07/21 12:0 a.m. · 2 views

Grandstream UCM6200 Series OS Command Injection Vulnerability (CNVD-2020-44352)

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. This vulnerability can be exploited by an attacker to execute commands as root by...

9 CVSS · 8 AI score · 0.04375 EPSS
Exploits 0 · References 1

Hacker One
added 2018/08/16 9:28 a.m. · 231 views

Node.js: url.parse() hostname spoofing via javascript: URIs

Summary: Using url.parse in security sensitive checks is dangerous as an arbitrary hostname can be spoofed via javascript: URIs. Description: The original url.parse API is dangerous as it allows to spoof an arbitrary hostname via a javascript: URI: bash $ node -e...

6.5 AI score
Exploits 0

Hacker One
added 2016/01/18 10:6 a.m. · 48 views

Vimeo: Legacy API exposes private video titles

Hi, I have discovered Vimeo's legacy API vimeo.com/api exposes private video titles. Example URL: https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/152133387 Vimeo provides the uploader with 5 privacy options for viewing videos: 1. Anyone 2. Only me 3. Only people I follow 4. Only people ...

0.3 AI score
Exploits 0

OpenVAS
added 2015/02/19 12:0 a.m. · 25 views

ownCloud Multiple Vulnerabilities -01 (Feb 2015)

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...

5 CVSS · 6.4 AI score · 0.01223 EPSS
Exploits 0 · References 6

ThreatPost
added 2014/05/09 12:2 p.m. · 11 views

Bitly Compromised, Users Urged to Change Passwords

Link shortening service Bitly informed its users Thursday that it believes user credentials – passwords, API keys and OAuth tokens – have been compromised. While the company claims there’s no real indication that any accounts were accessed without authorization, in a post on its blog the company...

1.6 AI score
Exploits 0 · References 2