241 matches found
CVE-2024-20392
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...
CVE-2024-20392
CVE-2024-20392 describes a vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway. The flaw arises from insufficient input validation of parameters passed to the API, enabling an unauthenticated, remote attacker to perform an HTTP response splitting...
Cisco AsyncOS Security Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS that stems from insufficient input validation of certain parameters passed to the Web-based management API of an affected system, allowing an unauthenticated, remote attacker to...
Stilog Visual Planning 8 Security Vulnerability
Stilog Visual Planning is software from Stilog that allows you to efficiently manage resource allocation and share schedules with employees. A security vulnerability exists in Stilog Visual Planning 8. An attacker could exploit the vulnerability to receive management API tokens...
SAP Commerce Information Disclosure Vulnerability
SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce OCC API that originates from the HYCOM 2105, HYCOM...
Lenovo ThinkSystem Security Vulnerability
Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker could exploit the vulnerability to execute commands without sufficient privileges on SMM v1, SMM v2, and FPC using specially designed Web...
Design/Logic Flaw
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker coul...
CVE-2023-20055 Cisco DNA Center Privilege Escalation Vulnerability
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker coul...
CVE-2023-20055
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker coul...
PT-2023-2106 · Cisco · Cisco DNA Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center (affected versions not specified). Description: A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface o...
K14734: Apache HTTP server vulnerability CVE-2013-2249
Security Advisory Description: mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...
SUSE CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...
SUSE CVE-2020-27821
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting i...
GHSA-MJMJ-J48Q-9WG2 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, cassandra-reaper, metric-collector-for-apache-cassandra-4.1...
CVE-2022-1471 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, cassandra-reaper, metric-collector-for-apache-cassandra-4.1...
Vulnerability fixed in Atlassian Crowd
A vulnerability has been fixed in Atlassian Crowd. This vulnerability allows a malicious person, through a configuration error, to authenticate and thereby interact with the user management REST API. To do so, the attacker's IP must be on the allow list, which is not the default...
CVE-2022-41854 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, hadoop-fips, management-api-for-apache-cassandra-4.1, management-api-for-apache-cassandra-5.0...
CVE-2022-41854 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...
GHSA-9W3M-GQGF-C4P9 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, management-api-for-apache-cassandra-5.0...
GHSA-9W3M-GQGF-C4P9 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...