1382 matches found
Broadcom CA API Developer Portal Access Bypass Vulnerability
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...
Cisco UCS Director and Cisco UCS Director Express for Big Data Input Validation Error Vulnerability (CNVD-2020-25346)
Cisco UCS Director and Cisco UCS Director Express for Big Data are both products from Cisco, Inc. Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Cisco UCS Director is a heterogeneous platform for private cloud infrastructure-as-a-service IaaS. A...
Broadcom CA API Developer Portal Information Disclosure Vulnerability (CNVD-2020-25821)
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An information disclosure vulnerability exists in Broadcom CA API Developer Portal 4.3....
PT-2020-2597
Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to insufficient input validation in the Lightweight HTTP Server component of Oracle Java SE and Java SE Embedded. This can be exploit...
Argo Information Disclosure Vulnerability
Argo is an open source container native workflow engine. A security vulnerability exists in versions prior to Argo 1.5.0-rc1. An attacker can exploit the vulnerability by submitting a request to invoke the API to retrieve information...
Unspecified vulnerability in CIPPlanner CIPAce (CNVD-2020-21817)
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability by sending an API request to obtain the uplo...
Unspecified Vulnerability in CIPPlanner CIPAce
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability to obtain ETL process contents by sending a...
CVE-2020-11586
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data...
CVE-2020-11587
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...
Google Kubernetes Resource Management Error Vulnerability
Google Kubernetes is a set of open source Docker container cluster management system from the U.S. company Google Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A resource management error...
ZyXEL Cloud CNM SecuManager Unauthorized Remote Code Execution Vulnerability
Zyxel Cloud CNM SecuManager is a full-featured network management software that provides an integrated console to monitor and manage security grids, including the ZyWALLUSG and VPN series. An unauthorized remote code execution vulnerability exists in Zyxel Cloud CNM SecuManager, which can be...
SQL Injection Vulnerability in Eight Image Encryption Platforms
Eight Image Encryption Platform is designed and developed in php+mysql environment by calling the API of Eight Image Platform. There is a SQL injection vulnerability in Eight Image Encryption Platform, which can be exploited by attackers to gain database privileges...
Unauthorized Access Vulnerability in Jingyun Network Antivirus System
Jingyun Network Antivirus System is a new generation of enterprise-level anti-virus security protection software launched by T&S Leader. KingCloud Network Antivirus System has an unauthorized access vulnerability, which can be exploited by attackers to directly access the api to obtain sensitive...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...
UBUNTU-CVE-2020-7955
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...
CVE-2019-16029
A vulnerability in the application programming interface API of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service DoS condition of the web interface. The...
CVE-2019-16513
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. CSRF can be used to send API requests...
CVE-2019-12837
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints...
IBM API Connect Weak Encryption Vulnerability
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version 2018.4.1.7 that stems from the...
foreman: authorization bypasses in foreman-tasks leading to information disclosure
An authentication bypass vulnerability was discovered in Foreman. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover ...