644 matches found
CVE-2023-20136
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
Design/Logic Flaw
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
CVE-2023-20136
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
CVE-2023-20136
CVE-2023-20136 concerns a privilege-escalation in the OpenAPI of Cisco Secure Workload. An authenticated, read-only user with valid credentials could invoke OpenAPI calls that should require Administrator privileges, enabling actions such as creating/deleting user labels due to RBAC misconfigurat...
Cisco Secure Workload OpenAPI Elevation of Privilege Vulnerability
Cisco Secure Workload is a software from Cisco that allows users to install software agents on their application workloads. A security vulnerability exists in the Cisco Secure Workload OpenAPI, which can be exploited by remote attackers to submit a special request that can be used to perform...
Cisco Secure Workload 安全漏洞
Cisco Secure Workload is a software from Cisco that allows users to install software agents on their application workloads. A security vulnerability exists in the Cisco Secure Workload OpenAPI, which can be exploited by remote attackers to submit a special request that can be used to perform...
CVE-2023-20136
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
dk.mada.jaxrs:openapi-jaxrs-client (>=0.9.12 <=0.9.17), io.jooby:jooby-jstachio (>=3.0.0.M7 <=3.0.0.M9) +6 more potentially affected by CVE-2023-33962 via io.jstach:jstachio (>=0.10.0 <=1.0.0)
io.jstach:jstachio MAVEN version =0.10.0, =0.9.12, =3.0.0.M7, =0.6.0, =0.8.0, =0.8.0, =0.10.0, =0.10.0, =0.10.0, =1.0.0 Source cves: CVE-2023-33962 Source advisory: OSV:GHSA-GWXV-JV83-6QJR...
[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38
FastAPI is a modern, fast high-performance, web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: =EF=BF=BD=EF=BF=BD=EF=BF=BD Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...
CVE-2023-30845
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
Authentication flaw
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
Server-side Request Forgery (SSRF)
openapi-generator is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to the improper validation in the /api/gen/clients/language path, allowing an attacker to access network resources and sensitive information via a crafted API request...
OpenAPI Generator vulnerable to Server-Side Request Forgery
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...
Server-side Request Forgery (SSRF)
Overview org.openapitools:openapi-generator-online is an a Spring Boot Server application which hosts a client/server generator API. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the API endpoints /api/gen/clients/language and /api/gen/servers/framework...
GHSA-WG4W-5M5R-W3P8 OpenAPI Generator vulnerable to Server-Side Request Forgery
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...
Server side request forgery (ssrf)
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...
CVE-2023-27162
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...
CVE-2023-27162
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...
openapi-generator 代码问题漏洞
openapi-generator is a software application. It provides an open API interface. A security vulnerability exists in openapi-generator version v6.4.0 and earlier, which stems from the discovery of a vulnerability containing a server-side request forgery SSRF vulnerability via...