
4947 matches found

Prion
added 2020/12/28 8:15 a.m. · 18 views

Design/Logic Flaw

An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing...

CVSS 5 · AI score 7.4 · EPSS 0.00899
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/12/28 8:15 a.m. · 17 views

Cross site request forgery (csrf)

An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints for add and delete lack a CSRF token check...

CVSS 5.8 · AI score 5.5 · EPSS 0.00355
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/12/28 7:56 a.m. · 19 views

CVE-2020-26033

An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints for add and delete lack a CSRF token check...

AI score 5.6 · EPSS 0.00355
Exploits 0 · References 1
CVE
added 2020/12/28 7:56 a.m. · 43 views

CVE-2020-26033

CVE-2020-26033 affects Zammad prior to version 3.4.1, where the Tag and Link REST API endpoints (add and delete) do not perform CSRF token validation. Connected sources corroborate a CSRF vulnerability in the labeling/linking REST paths, with broader references noting fixes in newer releases (e.g...

CVSS 5.8 · AI score 5.5 · EPSS 0.00355
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/12/28 7:55 a.m. · 59 views

CVE-2020-29160

CVE-2020-29160 affects Zammad before 3.5.1. A REST API call can modify Ticket Article data and defeat auditing via an access-control flaw, with no authentication required in CVSS terms. Impact is integrity loss (high) and auditing bypass. Remediation stated across sources is to upgrade to Zammad ...

CVSS 7.5 · AI score 7.4 · EPSS 0.00899
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/12/28 7:55 a.m. · 13 views

CVE-2020-29160

An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing...

AI score 7.4 · EPSS 0.00899
Exploits 0 · References 2
vulnersOsv
added 2020/12/24 8:15 p.m. · 5 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:PYSEC-2020-48...

CVSS 7.5 · AI score 7.1 · EPSS 0.00933
Exploits 1
Veracode
added 2020/12/19 5:51 a.m. · 16 views

Privilege Escalation

keycloak is vulnerable to privilege escalation. The Account REST API can update user metadata attributes...

CVSS 4.2 · AI score 4.1 · EPSS 0.00572
Exploits 0 · References 3 · Affected Software 1
Kitploit
added 2020/12/16 8:30 p.m. · 44 views

Freki - Malware Analysis Platform

Freki is a free and open-source malware analysis platform. Goals 1. Facilitate malware analysis and reverse engineering; 2. Provide an easy-to-use REST API for different projects; 3. Easy deployment via Docker; 4. Allow the addition of new features by the community. Current features Hash...

AI score 7.4
Exploits 0 · References 5
Veracode
added 2020/12/16 7:56 p.m. · 20 views

Information Disclosure

gitlab is vulnerable to information disclosure. The vulnerability is possible via the REST API via the GraphQL...

CVSS 4.3 · AI score 2.3 · EPSS 0.00815
Exploits 0 · References 3 · Affected Software 1
NVD
added 2020/12/15 6:15 p.m. · 11 views

CVE-2020-27147

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

CVSS 6.5 · AI score 6.4 · EPSS 0.00744
Exploits 0 · References 2
Prion
added 2020/12/15 6:15 p.m. · 14 views

Improper access control

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

CVSS 6.4 · AI score 6.3 · EPSS 0.00744
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/12/15 5:55 p.m. · 42 views

CVE-2020-27147

The CVE concerns TIBCO PartnerExpress REST API (v6.2.0). The REST API component contains a vulnerability that could allow an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via the REST API, potentially leading to unauthorized read and, fo...

CVSS 6.5 · AI score 6.4 · EPSS 0.00744
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2020/12/15 5:0 p.m. · 3 views

CVE-2020-27147

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

CVSS 6.5 · AI score 5.4 · EPSS 0.00744
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2020/12/11 4:15 a.m. · 23 views

CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

CVSS 4.3 · AI score 5.9 · EPSS 0.00815
Exploits 0 · References 3
Debian CVE
added 2020/12/11 3:29 a.m. · 20 views

CVE-2020-26415

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00815
Exploits 0
Tibco
added 2020/12/11 12:4 a.m. · 23 views

TIBCO Security Advisory: December 15, 2020 - TIBCO PartnerExpress

TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: CVE-2020-27147 Source: TIBCO Software Inc. TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: --- Source: TIBCO Software Inc. Systems Affected TIBCO PartnerExpress version 6.2.0 T...

CVSS 6.5 · AI score 6.3 · EPSS 0.00744
Exploits 0 · Affected Software 1
Tibco
added 2020/12/11 12:4 a.m. · 23 views

TIBCO Security Advisory: December 15, 2020 - TIBCO PartnerExpress

TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: CVE-2020-27147 Source: TIBCO Software Inc. TIBCO PartnerExpress REST API Original release date: December 15, 2020 Last revised: --- Source: TIBCO Software Inc. Systems Affected TIBCO PartnerExpress version 6.2.0 T...

CVSS 6.4 · AI score 6.4 · EPSS 0.00744
Exploits 0 · Affected Software 1
Positive Technologies
added 2020/12/11 12:0 a.m. · 5 views

PT-2020-16420 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 13.4.7 GitLab versions 13.5 through 13.5.5 GitLab versions 13.6 through 13.6.2 Description: Information about the starred projects for private user profiles was exposed via the GraphQL API starting from version...

CVSS 4.3 · AI score 4.4 · EPSS 0.00815
Exploits 0 · References 33
Prion
added 2020/12/10 11:15 a.m. · 21 views

Information disclosure

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with...

CVSS 2.7 · AI score 3.7 · EPSS 0.00317
Exploits 0 · References 6 · Affected Software 1