Portainer 代码问题漏洞

A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...

CVE-2022-23858

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...

Juniper Networks Junos OS Information Disclosure Vulnerability (CNVD-2022-21488)

Juniper Networks Junos OS is a network operating system from Juniper Networks, Inc. for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS is vulnerable to information disclosure, and no details of the...

CVE-2021-37867

Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure...

Jimoty 信任管理问题漏洞

Jimoty is a Web site of Jimoty Japan, Inc. It is used to provide help, information dissemination and other services to local people. Jimoty App for Android is vulnerable to a trust management issue, which exists due to hard-coded credentials in the application code. A local attacker could exploit...

CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API, providing a C API, support for repair files, support for the . This...

NumPy 安全漏洞

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...

Cvxopt 安全漏洞

Cvxopt is a freeware package for convex optimization based on the Python programming language. cvxopt A security vulnerability exists in cvxop 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...

An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification

...

GHSA-GFHX-JJWQ-63GV Cross-site Scripting in Apereo CAS

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides easy, object-oriented API access to data in .dwg and .dgn, C API, file repair support, support for . code execution...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The development package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for...

CVE-2021-36310

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service...

Dell Networking OS10 安全漏洞

Dell Networking OS10 is a Linux-based network switch operating system from Dell DELL U.S.A. An elevation of privilege vulnerability exists in Dell Networking OS10, which could be exploited by an attacker with specific API access to gain administrator privileges on the affected system...

CVE-2021-43563

An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to...

PT-2021-22752 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.9.6 and later Description: An information disclosure issue in the GitLab CE/EE API allows a user to view basic information about private groups that a public project has been shared with. Recommendations: For GitLab...

Jeedom 安全漏洞

Jeedom is an open source home automation solution for the Internet of Things. Jeedom suffers from a security vulnerability that allows a remote attacker to bypass API access and retrieve user credentials...

GitLab 安全漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...

CVE-2021-38471

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...