CVE-2023-22943
CVE-2023-22943 affects Splunk Add-on Builder (AoB) < 4.1.2 and Splunk CloudConnect SDK
CVE-2023-22943 Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK
In Splunk Add-on Builder AoB versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs...
Remote Code Execution
lava is vulnerable to Remote Code Execution. The vulnerability exists because the REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template, which allows an attacker to execute arbitrary code...
CVE-2023-25194
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...
CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...
Information disclosure
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...
CVE-2021-36225
CVE-2021-36225 affects Western Digital My Cloud devices prior to OS5. The vulnerability allows REST API access by low-privileged accounts, demonstrated by commands for firmware uploads and installation. Documented CVSS: 3.1 base score 8.8 (High) with network attack vector, low complexity, require...
Security Bulletin: IBM MQ is affected by FasterXML jackson-databind vulnerabilities (CVE-2022-42003, CVE-2022-42004)
Summary: Multiple issues were identified with the Jackson library that is used within the IBM MQ Console to provide REST API functionality. Vulnerability Details: CVEID: CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the...
Fedora 37 : mediawiki (2023-30a7a812f0)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-30a7a812f0 advisory. https://www.mediawiki.org/wiki/Releasenotes/1.38 https://lists.wikimedia.org/hyperkitty/list/mediawiki-...
DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts
DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory AD domain. Neither contributor incur any responsibilit...
Authentication Bypass
flarum is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly check access for post creation when the first post is deleted, allowing an attacker who can view the discussion to create new malicious replies via the REST API, even with reply permissio...
Improper Access Control
apachesuperset is vulnerable to Improper Access Control. The vulnerability exists in api.py due to explicitly enabling the DASHBOARDCACHE feature, which allows an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint...
Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)
An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
GHSA-7222-R37X-8Q3M Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
GHSA-8F5J-MGX9-5HM5 Apache Superset has Improper Access Control
When explicitly enabling the feature flag DASHBOARDCACHE (disabled by default), the system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset has Improper Access Control
When explicitly enabling the feature flag DASHBOARDCACHE (disabled by default), the system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-45438
When explicitly enabling the feature flag DASHBOARDCACHE (disabled by default), the system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...