241 matches found

OSV
added 2022/05/24 5:21 p.m., 20 views

GHSA-Q9G8-9HPP-XC82 Insufficiently Protected Credentials in ActiveMQ Artemis

A flaw was found in the ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties when executing the resetUsers operation. A local attacker can use this flaw to read the...

CVSS 5.5, AI score 5.3, EPSS 0.0069
Exploits 0, References 4
Zero Day Initiative
added 2022/01/21 12:00 a.m., 17 views

Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from the lack of proper validation of the...

CVSS 9.8, AI score 4.1, EPSS 0.76548
Exploits 0, References 1
Zero Day Initiative
added 2021/10/21 12:00 a.m., 29 views

Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from the lack of proper validation of the...

CVSS 9.8, AI score 4.1, EPSS 0.88497
Exploits 0, References 1
NVD
added 2021/09/23 12:15 p.m., 19 views

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVSS 7.5, EPSS 0.01602
Exploits 0, References 1
Cvelist
added 2021/09/23 11:58 a.m., 25 views

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

AI score 7.6, EPSS 0.01602
Exploits 0, References 1
CVE
added 2021/09/23 11:58 a.m., 75 views

CVE-2021-22013

CVE-2021-22013 is a path traversal vulnerability in VMware vCenter Server’s appliance management API that could allow an unauthenticated attacker with network access to port 443 to read arbitrary files, leading to information disclosure. Affected software is vCenter Server; root cause is improper...

CVSS 7.5, AI score 7.4, EPSS 0.01602
Exploits 0, References 1, Affected Software 2
CNVD
added 2021/06/25 12:00 a.m., 5 views

Shopware Information Disclosure Vulnerability

Shopware is an open source e-commerce platform. An information disclosure vulnerability exists in Shopware versions prior to 6.4.1.1. An attacker can exploit the vulnerability to expose internal hidden fields via the Management API when loading multiple references in an association...

CVSS 4.9, AI score 6.2, EPSS 0.01113
Exploits 0, References 1
Tenable Nessus
added 2021/06/23 12:00 a.m., 57 views

Amazon Linux 2 : qemu (ALAS-2021-1671)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1671 advisory. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access and...

CVSS 6, AI score 6.7, EPSS 0.0183
Exploits 1, References 13
CNNVD
added 2021/05/28 12:00 a.m., 2 views

IBM Cognos Analytics Authorization Issue Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A command execution vulnerabili...

CVSS 10, AI score 8.6, EPSS 0.02935
Exploits 0, References 5
Kitploit
added 2021/05/16 9:30 p.m., 195 views

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection. Module description: The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

AI score 7.2
Exploits 0, References 3
RedHat Linux
added 2021/04/21 1:15 p.m., 5 views

foreman: world-readable OMAPI secret through the ISC DHCP server

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability...

CVSS 5.5, AI score 7.3, EPSS 0.00249
Exploits 0, References 4
OSV
added 2021/03/15 5:15 p.m., 1 view

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVSS 5.3, AI score 5.9, EPSS 0.00525
Exploits 1, References 2
Prion
added 2021/03/15 5:15 p.m., 10 views

Directory traversal

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVSS 4.6, AI score 5.3, EPSS 0.00525
Exploits 1, References 2
Cvelist
added 2021/03/15 4:45 p.m., 16 views

CVE-2021-23357 Directory Traversal

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVSS 3.3, AI score 5.6, EPSS 0.00525
Exploits 1, References 2
ATTACKERKB
added 2021/03/15 4:40 p.m., 1 view

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVSS 5.3, AI score 5.6, EPSS 0.00525
Exploits 1, References 3
CNVD
added 2020/12/09 12:00 a.m., 12 views

Apache APISIX Trust Management Issues Vulnerability

Apache APISIX is a cloud-native microservice API gateway service from the Apache Foundation. The software is built on OpenResty and etcd, provides dynamic routing and plug-in hot loading, and is suited to API management in microservice systems. Apache APISIX suffers from a trust...

CVSS 6.5, AI score 6.6, EPSS 0.72976
Exploits 5, References 1
OSV
added 2020/12/03 5:15 p.m., 3 views

CVE-2020-25711

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

CVSS 6.5, AI score 6.6
Exploits 0, References 2
Snyk
added 2020/11/19 3:06 p.m., 2 views

Directory Traversal

Overview: github.com/TykTechnologies/tyk/gateway is a Tyk Gateway API. Affected versions of this package are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The API...

CVSS 5.3, AI score 6.8, EPSS 0.00525
Exploits 1, References 2
BDU FSTEC
added 2020/09/09 12:00 a.m., 1 view

A vulnerability in the Radio Management API interface of the Windows operating system allows a malicious individual to escalate their privileges.

The vulnerability in the Windows operating system’s Radio Management API interfaces is related to operations being performed beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8, AI score 7.6, EPSS 0.02442
Exploits 0, References 2
Veracode
added 2020/07/30 3:10 a.m., 13 views

Information Disclosure

auth0 is vulnerable to information disclosure. When Auth0's management API is used for Machine to Machine application authorization, it does not sanitize the DenyList for a specific key in the Authorization header and logs the Authorization header value, exposing bearer tokens...

CVSS 7.7, AI score 1.2, EPSS 0.01539
Exploits 0, References 5, Affected Software 1