1386 matches found

Positive Technologies
added 2021/04/02 12:0 a.m. · 1 views

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4; GitHub Enterprise Server versions prior to 2.22.10; GitHub Enterprise Server versions prior to 2.21.18. Description: An improper access control issue was identified that allowed access tokens...

6.5 CVSS · 6.6 AI score · 0.00226 EPSS
Exploits 0 · References 5

CNNVD
added 2021/04/01 12:0 a.m. · 1 views

GitHub node-etsy-client Information Disclosure Vulnerability

GitHub node-etsy-client is an open source application on GitHub: a Node.js client for the Etsy REST API. A security vulnerability exists in node-etsy-client that stems from the fact that a reported client-side error will also provide the API key value...

8.1 CVSS · 7 AI score · 0.00314 EPSS
Exploits 0 · References 4

CNNVD
added 2021/03/24 12:0 a.m. · 1 views

Cisco IOS XE Software OS Command Injection Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A command injection vulnerability exists in the web UI of Cisco IOS XE. The vulnerability stems from the affected software not properly validating values parsed from a specific...

8.5 CVSS · 7.4 AI score · 0.00685 EPSS
Exploits 0 · References 5

CNNVD
added 2021/03/15 12:0 a.m. · 1 views

IBM Spectrum Scale Security Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

6.2 CVSS · 5.6 AI score · 0.00038 EPSS
Exploits 0 · References 4

CNNVD
added 2021/03/14 12:0 a.m. · 1 views

IBM API Connect Security Vulnerability

IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to use ...

6.4 CVSS · 5.6 AI score · 0.0018 EPSS
Exploits 0 · References 5

CNNVD
added 2021/03/05 12:0 a.m. · 0 views

Aruba Networks AirWave Management Platform SQL Injection Vulnerability

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. An SQL injection vulnerability exists in the API of Aruba Networks...

6.5 CVSS · 6 AI score · 0.00242 EPSS
Exploits 0 · References 1

CNNVD
added 2021/03/03 12:0 a.m. · 2 views

Datadog API Security Vulnerability

Github datadog-api-client-java is an open source application on Github that provides a Java API interface. A security vulnerability exists in the Datadog API before version 1.0.0-beta.9, which stems from a local disclosure of sensitive information downloaded...

4.3 CVSS · 4.9 AI score · 0.00125 EPSS
Exploits 0 · References 3

CNNVD
added 2021/03/03 12:0 a.m. · 2 views

GitHub Enterprise Server Security Vulnerability

GitHub is a hosting platform for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows authenticated users of an instance to gain write access to unauthorized repositories via specially crafted pull requests and REST API...

6.5 CVSS · 6.5 AI score · 0.00324 EPSS
Exploits 0 · References 4

OSV
added 2021/02/24 8:15 p.m. · 0 views

CVE-2021-1388

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

10 CVSS · 7.5 AI score
Exploits 0 · References 1

OSV
added 2021/02/22 5:15 p.m. · 0 views

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 3

OSV
added 2021/02/04 11:2 a.m. · 1 views

OESA-2021-1016 tpm2-tss security update

tpm2-tss is a software stack supporting Trusted Platform Module (TPM) 2.0 system APIs, which provides TPM 2.0 specified APIs for applications to access the TPM module through kernel TPM drivers. Security Fixes: No description is available for this CVE. (CVE-2020-24455)...

6.7 CVSS · 6.8 AI score · 0.00101 EPSS
Exploits 0 · References 2

CNNVD
added 2021/02/03 12:0 a.m. · 3 views

JetBrains YouTrack Authorization Issue Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. JetBrains YouTrack suffers from a user enumeration vulnerability that can be exploited by an...

5.3 CVSS · 6 AI score · 0.00002 EPSS
Exploits 0 · References 2

Gitee
added 2021/02/02 3:35 p.m. · 1 views

vulscan

This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins (POCs). 2. Plugin...

7.1 AI score
Exploits 0

CNNVD
added 2021/01/20 12:0 a.m. · 3 views

Cisco DNA Center Security Vulnerability

Cisco DNA Center is the network management and command center for Cisco DNA. An information disclosure vulnerability exists in the Configuration Archiving feature in Cisco DNA Center versions prior to 2.1.2.0. The vulnerability stems from the fact that configuration archive files are stored in...

7.7 CVSS · 6.9 AI score · 0.00108 EPSS
Exploits 0 · References 4

PyPA
added 2021/01/11 10:15 a.m. · 4 views

PYSEC-2021-876

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface...

6.5 CVSS · 7 AI score · 0.00831 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2021/01/11 12:0 a.m. · 3 views

Apache DolphinScheduler Permission License and Access Control Issues Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation. A security vulnerability exists in Apache DolphinScheduler prior to 1.3.2, which allows normal users to override other users' passwords via the API interface...

6.5 CVSS · 6.6 AI score · 0.00831 EPSS
Exploits 0 · References 2

CNVD
added 2020/12/31 12:0 a.m. · 2 views

Tenda AC6 Denial of Service Vulnerability

Tenda AC6 is an AC1200 model intelligent dual-band WiFi router. A denial of service vulnerability exists in Tenda AC6 15.03.06.51multi. An attacker can exploit this vulnerability by sending a large HTTP POST request to the Change Password API to cause the router to crash and enter an infinite boo...

7.8 CVSS · 7 AI score · 0.00296 EPSS
Exploits 1 · References 1

CNNVD
added 2020/12/26 12:0 a.m. · 2 views

Solarwinds Orion Platform Authorization Issues Vulnerability

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user comments, and a mapped view of the entire network. The...

9.8 CVSS · 7.6 AI score · 0.94345 EPSS
Exploits 3 · References 3

RedHat Linux
added 2020/12/22 10:49 a.m. · 3 views

mysql: C API unspecified vulnerability (CPU Jan 2021)

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3 CVSS · 6.7 AI score · 0.00377 EPSS
Exploits 0 · References 5

RedHat Linux
added 2020/12/22 9:27 a.m. · 4 views

mysql: C API unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3 CVSS · 6.7 AI score · 0.00205 EPSS
Exploits 0 · References 5