USN-5953-1: IPython vulnerabilities
It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and leak a user's sensitive information. This issue only affected Ubuntu 14.04 ESM. CVE-2015-5607 It was discovered that IPython...
Ubuntu 18.04 ESM / 20.04 ESM : IPython vulnerabilities (USN-5953-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5953-1 advisory. It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site...
CVE-2023-27588
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
This Week in Spring - March 14th, 2023
Hi, Spring fans! Happy Pi π day! And, welcome to another installment of This Week in Spring! It's pouring cats and dogs here in San Francisco! The news is talking about atmospheric rivers; I don't know what that means but I don't know that I want to find out. Anyway, all that to say: I'm glad as...
Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...
CVE-2016-15028
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The...
CVE-2016-15028
CVE-2016-15028 affects ICEPAY REST-API-NET 0.9, specifically the RestClient in Classes/RestClient.cs under the Checksum Validation component. The vulnerability allows remote exploitation through improper validation of the integrity check value. Exploitability is described as remote with high atta...
GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group
A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parentid. The vulnerability was due to the lack of proper acces...
HTML Injection
org.keycloak:keycloak-services is vulnerable to HTML Injection. A malicious user is able to send emails containing phishing links to users via the execute-actions-email endpoint of the admin REST API...
HTML Injection in Keycloak Admin REST API
The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users...
Exploit for Improper Access Control in Joomla Joomla!
CVE-2023-23752 Joomla unauthorized access vulnerability CVE...
ManageEngine Firewall Analyzer REST API Key Disclosure (CVE-2022-36923)
K13074505: libarchive vulnerability CVE-2016-8687
Security Advisory Description Stack-based buffer overflow in the safefprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVE-2016-8687 Impact For BIG-IP and VIPRION platforms that ar...
K16861: BIG-IQ remote authentication vulnerability CVE-2015-4637
Security Advisory Description When remote authentication is configured on the BIG-IQ system for an LDAP server that allows anonymous BIND operations, an unauthenticated user may obtain an authentication token from the REST API for any known or guessed LDAP user account and will receive all the acce...
K47105354: Lodash library vulnerability CVE-2019-10744
Security Advisory Description Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. CVE-2019-10744 Impact An attacker can use Function inside of...
K23203045: BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014
Security Advisory Description BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API, which might allow authenticated users with guest privileges to upload files. CVE-2021-23014 Impact If an attacker has network access to the BIG-...