CVE-2022-43719
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-45438 Apache Superset: Dashboard metadata information leak
When the feature flag DASHBOARD_CACHE (disabled by default) is explicitly enabled, the system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-45438
CVE-2022-45438 affects Apache Superset where enabling the DASHBOARD_CACHE feature flag (off by default) allows an unauthenticated user to access dashboard configuration metadata via a REST API GET endpoint. Affected versions are Superset 1.5.2 and earlier, and 2.0.0. The underlying issue is an im...
CVE-2022-43719
CVE-2022-43719 affects Apache Superset; two legacy REST API endpoints for approval and request access are vulnerable to CSRF, impacting versions 1.5.2 and earlier, and 2.0.0. Root cause indicated by sources is lack of CSRF protection on these endpoints. CVSS v3.1 metrics show high impact (Confide...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
CVE-2022-42290
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2022-42289
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2022-42290
The CVE-2022-42290 issue affects NVIDIA BMC SPX REST API. An authorized attacker can inject arbitrary shell commands, potentially leading to code execution, denial of service, information disclosure, and data tampering. The connected NVIDIA advisories note remediation via firmware updates; specif...
CVE-2022-42279
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2022-42282
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure...