CVE-2020-12146 Silver Peak Unity OrchestratorTM subject to path traversal.

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API...

CVE-2020-12146

CVE-2020-12146 concerns Silver Peak Unity Orchestrator path traversal via the /debugFiles REST API. An authenticated user can access, modify, and delete restricted files on the Orchestrator server. Affected versions are pre-8.9.11+, 8.10.11+, and 9.0.1+. ThreatPost notes that patches exist, and S...

CVE-2020-12147 Unauthorized queries against the Silver Peak Unity OrchestratorTM MySQL database.

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...

CVE-2020-12145

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are affected by CVE-2020-12145, which allows login via HTTP Host header spoofing to localhost. The vulnerability stems from authenticating REST API calls from localhost using the host header, enabling an attacker to byp...

CVE-2020-12145 Silver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers.

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted ...

Cisco Edge Fog Fabric Authorization Issues Vulnerability

Cisco Edge Fog Fabric EFF is an open architecture IoT platform for industrial customers. An authorization issue vulnerability exists in the REST API for Cisco Edge Fog Fabric versions prior to 1.7.4. The vulnerability stems from a failure of authorization enforcement to be correct. An attacker ca...

Information Disclosure

podman is vulnerable to information disclosure. The vulnerability exists through environment variables leak between containers when started via Varlink or Docker-compatible REST API...

Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)

HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...

PT-2020-5183 · Cisco · Cisco Data Center Network Manager +1

Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager DCNM Software affected versions not specified Cisco Firepower Management Center FMC affected versions not specified Description: The issue is related to insufficient path restriction enforcement in a certain...

Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

Exploit Title: WP Courses 2.0.29 - Broken Access Controls leading to Courses Content Disclosure Exploit Author: Stefan Broeder, Marco Ortisi redtimmysec Authors blog: https://www.redtimmy.com Vendor Homepage: https://wpcoursesplugin.com/ Version Vulnerable: 2.0.29 CVE: requested but not assigned...

CVE-2020-10746

A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...

Design/Logic Flaw

A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...

CVE-2020-10746

A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...

CVE-2020-8349

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...

Remote code execution

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...

CVE-2020-8349

CVE-2020-8349 affects Cloud Networking Operating System (CNOS) via the optional REST API management interface. The vulnerability is unauthenticated remote code execution that is not present when the REST API interface is disabled; if enabled, access is limited to the VRF and governed by ACLs. Imp...

CVE-2020-8349

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...

CVE-2020-3567

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...

Input validation

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...

CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...