4948 matches found

Tenable Nessus
added 2021/02/16 12:0 a.m. | 63 views

RHEL 8 : container-tools:rhel8 (RHSA-2021:0531)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0531 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: environment...

5.3 CVSS | 6.4 AI score | 0.01402 EPSS
Exploits: 0 | References: 26

OSV
added 2021/02/15 12:15 a.m. | 7 views

CVE-2020-36237

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0...

5.3 CVSS | 6.1 AI score | 0.01244 EPSS
Exploits: 0 | References: 1

Kitploit
added 2021/02/11 11:30 a.m. | 62 views

PatrowlHears - PatrowlHears - Vulnerability Intelligence Center / Exploits

PatrOwl provides scalable, free and open-source solutions for orchestrating Security Operations and providing Threat Intelligence feeds. PatrowlHears is an advanced and real-time Vulnerability Intelligence platform, including CVE, exploits and threats news. Try it now! To try PatrowlHears, instal...

7.5 AI score
Exploits: 0 | References: 7

Hacker One
added 2021/02/09 5:41 p.m. | 19 views

Mail.ru: REST API Endpoint leads to Unauthorized user disclosed private [ issue ] details

Summary Jira allows an administrator to restrict access to projects to specific users only. Or adjusting all project properties to be available only to the system administrator, which means that all users in the jira account cannot access issues, project, dashboard and any information about the...

6.8 AI score
Exploits: 0

BDU FSTEC
added 2021/02/09 12:0 a.m. | 1 views

The vulnerability of the REST API implementation of the network management system’s data center management module allows an attacker to execute arbitrary SQL commands.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager (DCNM) system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

9 CVSS | 8 AI score | 0.01901 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2021/02/08 12:54 p.m. | 14 views

infinispan: authorization check missing for server management operations

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. The highest threat...

6.5 CVSS | 5.7 AI score | 0.01067 EPSS
Exploits: 0 | References: 4

CNVD
added 2021/02/05 12:0 a.m. | 10 views

JetBrains YouTrack User Enumeration Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. JetBrains YouTrack suffers from a user enumeration vulnerability that can be exploited by an...

5.3 CVSS | 6.7 AI score | 0.01355 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/04 5:15 p.m. | 17 views

CVE-2021-1266

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could...

6.8 CVSS | 0.0114 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/04 5:15 p.m. | 11 views

Design/Logic Flaw

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could...

6.8 CVSS | 6.4 AI score | 0.0114 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/02/04 4:35 p.m. | 48 views

CVE-2021-1266

CVE-2021-1266 affects Cisco Managed Services Accelerator (MSX). The REST API vulnerability arises from how the software logs certain API requests, which an authenticated, remote attacker can exploit by sending a flood of crafted API requests, potentially causing a DoS on the affected device. Conn...

6.8 CVSS | 5.1 AI score | 0.0114 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/04 4:35 p.m. | 14 views

CVE-2021-1266 Cisco Managed Services Accelerator Denial of Service Vulnerability

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could...

4.3 CVSS | 6.6 AI score | 0.0114 EPSS
Exploits: 0 | References: 1

Atlassian
added 2021/02/04 1:15 a.m. | 79 views

Custom field options are exposed via an unauthenticated REST API endpoint - CVE-2020-36237

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Affected versions: version...

5.3 CVSS | 5.8 AI score | 0.01244 EPSS
Exploits: 0 | Affected Software: 1

CNVD
added 2021/02/04 12:0 a.m. | 6 views

Cisco Managed Services Accelerator Denial of Service Vulnerability

Cisco Managed Services Accelerator (MSX) is a multi-tenant, multi-service, cloud-native service creation and delivery platform that enables service providers to quickly, easily, and cost-effectively develop and deliver hosted services to enterprise customers. A denial of service vulnerability exist...

6.8 CVSS | 6.6 AI score | 0.0114 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/03 4:15 p.m. | 15 views

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions...

5.3 CVSS | 0.01355 EPSS
Exploits: 0 | References: 2

Prion
added 2021/02/03 4:15 p.m. | 20 views

Design/Logic Flaw

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions...

5 CVSS | 5.3 AI score | 0.01355 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cisco
added 2021/02/03 4:0 p.m. | 41 views

Cisco Managed Services Accelerator Denial of Service Vulnerability

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could...

4.3 CVSS | 2.8 AI score | 0.0114 EPSS
Exploits: 0 | References: 1

CVE
added 2021/02/03 3:27 p.m. | 56 views

CVE-2020-25208

Summary: CVE-2020-25208 affects YouTrack prior to 2020.4.4701, where an attacker could enumerate users via the REST API without proper permissions. Affected product/component: JetBrains YouTrack (web-based bug tracking/project management tool). Root cause / vulnerability type: Inadequate access c...

5.3 CVSS | 5.3 AI score | 0.01355 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/02/03 3:27 p.m. | 20 views

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions...

6.4 AI score | 0.01355 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2021/02/03 12:0 a.m. | 31 views

RHEL 8 : RHV-M (ovirt-engine) 4.4.z security, upd[ovirt-4.4.4] 0-day (Moderate) (RHSA-2021:0383)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0383 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and...

6.5 CVSS | 6.7 AI score | 0.00754 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2021/02/02 1:58 p.m. | 30 views

Moderate: Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

6.5 CVSS | 6.6 AI score | 0.00754 EPSS
Exploits: 0 | References: 5