4960 matches found
CVE-2023-27319
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...
Spoofing
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...
CVE-2023-27319
CVE-2023-27319 affects NetApp ONTAP Mediator prior to 1.7. The vulnerability allows an unauthenticated attacker to enumerate URLs via the REST API, leading to potential information disclosure. The issue is documented across multiple sources (NVD entry, Red Hat advisory, and PT-SEC advisory), all ...
CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...
PT-2023-32795 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to 2.12.5 Description: The issue arises from an incorrectly implemented capability check in the pmpro rest api get permission...
Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
Description The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. PoC curl --url...
CVE-2023-23584
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...
CVE-2023-3629 Infinispan: non-admins should not be able to get cache config via rest api
A flaw was found in Infinispan's REST cache retrieval endpoints, which do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
PT-2023-19060 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.50 and prior Gallagher Command Centre versions 8.60 prior to vEL8.60.2039 MR4 Gallagher Command Centre versions 8.70 prior to vEL8.70.1787 MR2 Description: An observable response discrepancy in the Gallaghe...
How to construct 'Deployment Rules' for the REST API request to add and update the Public APP Store
This document records an easier method to construct the field 'Deployment Rules' in the REST API request to add and update the APP in the Public APP Store...
CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
UBUNTU-CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
CVE-2023-5061 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
CVE-2023-5061
CVE-2023-5061 affects GitLab core CI/CD handling: in certain situations, developers could override predefined CI variables via the REST API across multiple release lines (9.3–16.4.3, 16.5.0–16.5.3, 16.6.0–16.6.1). The root cause is not explicitly detailed beyond this behavior, but the impact is t...
CVE-2023-5061
Removed by vendor...