1385 matches found
IBM API Connect Phishing Attack Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A phishing attack vulnerability exists in IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an attacker to conduct a phishing attack by tricking the server into generating a user registration email...
CloudForms: User Impersonation in the API for OIDC and SAML
A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request...
ALEOS API Abuse Vulnerability
ALEOS is an integrated development environment for building customized embedded M2M applications. An API abuse vulnerability exists in the AT Command API in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which stems from a lack of length checking when processing certain user-supplied values, a...
Cisco Data Center Network Manager REST API Endpoint Input Validation Error Vulnerability
Cisco Data Center Network Manager DCNM is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An input validation error vulnerability exists in the REST API endpoint in Cisco...
mysql: Server: C API unspecified vulnerability (CPU Oct 2019)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: C API. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...
Unspecified Vulnerability in Oracle MySQL Client
MySQL Client is a MySQL client, a program used to communicate with the server to process information in a database managed by the server. A security vulnerability exists in the C API component of Oracle MySQL Client. An attacker could exploit this vulnerability to affect availability...
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-52022)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1 and 4.0.5. An attacker can exploit the vulnerability by adding a DEBUG line to the log with the help of the loggin...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-48235)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to gain privileges by accessing API endpoints...
Mattermost Server Access Privilege Vulnerability
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. An attacker can exploit the vulnerability to gain access to API endpoints after a...
PT-2020-8461
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2 Mattermost Server versions prior to 3.7.5 Mattermost Server versions prior to 3.6.7 Description: An issue was discovered in Mattermost Server. After a restart of a server, an attacker might suddenly...
Cisco UCS Director Information Disclosure Vulnerability
Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS from Cisco. An information disclosure vulnerability exists in the REST API in Cisco UCS Director versions prior to 6.7.4.0, which stems from an API response displaying confidential information. A...
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
Cisco IOS XE Privilege Permission and Access Control Issues Vulnerability (CNVD-2020-31976)
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A privilege-granting and access-control issue vulnerability exists in the authorization control of the Cisco IOx application hosting infrastructure in Cisco IOS XE 16.3.1 and later...
Cisco Unified Contact Center Express Authorization Issues Vulnerability
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An authorization issue vulnerability exists...
CVE-2020-3333
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...
CVE-2020-3333 Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...
CVE-2020-12142
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
UBUNTU-CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...