Lucene search

4950 matches found

Positive Technologies
added 2023/01/13 12:0 a.m. · 4 views

PT-2023-14091 · Nvidia · Nvidia Bmc

Name of the Vulnerable Software and Affected Versions: NVIDIA BMC, affected versions not specified. Description: The issue concerns a vulnerability in the SPX REST API of NVIDIA BMC, allowing an authorized attacker to inject arbitrary shell commands. This could lead to code execution, denial of...

8.8 CVSS · 8.6 AI score · 0.01015 EPSS
Exploits: 0 · References: 3
RedHat Linux
added 2023/01/11 11:29 a.m. · 393 views

Important: Red Hat Security Advisory: RHV 4.4 SP1 [ovirt-4.5.3-3] security update

Updated RHV packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS · 6.6 AI score · 0.03571 EPSS
Exploits: 2 · References: 8
OSV
added 2023/01/10 10:28 p.m. · 45 views

GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted

If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...

3.5 CVSS · 3.6 AI score · 0.00555 EPSS
Exploits: 0 · References: 5
Spring Security Advisories
added 2023/01/10 8:0 a.m. · 21 views

This Week in Spring - January 9th, 2023

Hi, Spring fans! As I write this I'm on a plane winging my way to Helsinki, Finland. A new year and new journeys begin. It's going to be cold there. Wish me luck! Do you know what always warms me up? The thrill of learning. And this week's no different. This week we've got some good stuff lined up so...

0.2 AI score
Exploits: 0
Github Security Blog
added 2023/01/06 12:30 a.m. · 32 views

Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API...

6.1 CVSS · 3.6 AI score · 0.0071 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2023/01/05 11:15 p.m. · 37 views

CVE-2021-32828

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API...

6.1 CVSS · 5.9 AI score · 0.0071 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2023/01/05 12:0 a.m. · 6 views

CVE-2021-32828 Regular expression Denial of Service in MooTools

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API...

5.4 CVSS · 6.2 AI score · 0.0071 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/01/05 12:0 a.m. · 4 views

PT-2023-12175 · Nuxeo · Nuxeo Platform

Name of the Vulnerable Software and Affected Versions: Nuxeo Platform version 11.5.109. Description: The Nuxeo Platform is an open source content management platform for building business applications. In the affected version, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS)...

6.1 CVSS · 6.4 AI score · 0.0071 EPSS
Exploits: 1 · References: 7
Cvelist
added 2023/01/05 12:0 a.m. · 27 views

CVE-2021-32828 Regular expression Denial of Service in MooTools

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API...

5.4 CVSS · 6.5 AI score · 0.0071 EPSS
Exploits: 1 · References: 2
Prion
added 2023/01/02 10:15 p.m. · 16 views

Authentication flaw

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5 CVSS · 5.3 AI score · 0.00671 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/01/02 9:49 p.m. · 5 views

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5.3 AI score · 0.00671 EPSS
Exploits: 2 · References: 1
Cvelist
added 2023/01/02 9:49 p.m. · 20 views

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5.5 AI score · 0.00671 EPSS
Exploits: 2 · References: 1
CVE
added 2023/01/02 9:49 p.m. · 62 views

CVE-2022-4417

CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...

5.3 CVSS · 5.2 AI score · 0.00671 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
RedhatCVE
added 2022/12/26 11:34 a.m. · 36 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

3.5 CVSS · 2.3 AI score · 0.00613 EPSS
Exploits: 0 · References: 3
OSV
added 2022/12/26 5:15 a.m. · 26 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS · 5.6 AI score
Exploits: 0 · References: 2
OSV
added 2022/12/26 5:15 a.m. · 4 views

DEBIAN-CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS · 5.2 AI score · 0.00613 EPSS
Exploits: 0 · References: 1
Prion
added 2022/12/26 5:15 a.m. · 32 views

Design/Logic Flaw

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5 CVSS · 5.7 AI score · 0.00613 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
UbuntuCve
added 2022/12/26 5:15 a.m. · 29 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS · 6 AI score · 0.00613 EPSS
Exploits: 0 · References: 3
Cvelist
added 2022/12/26 12:0 a.m. · 23 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

6.5 AI score · 0.00613 EPSS
Exploits: 0 · References: 2
CVE
added 2022/12/26 12:0 a.m. · 106 views

CVE-2021-44854

MediaWiki vulnerability CVE-2021-44854 affects MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1, where the REST API publicly caches results from private wikis. This can lead to exposure of private wiki data via the REST API. The connected advisories indicate mitigations via...

5.3 CVSS · 6 AI score · 0.00613 EPSS
Exploits: 0 · References: 2 · Affected Software: 1