Lucene search
+L

454 matches found

Fedora
Fedora
added 2024/01/14 1:0 a.m.17 views

[SECURITY] Fedora 39 Update: rubygem-httparty-0.18.1-9.fc39

Makes http fun! Also, makes consuming restful web services dead easy...

5.3CVSS5.4AI score0.0129EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 5:35 p.m.65 views

Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilites. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...

9.8CVSS9.8AI score0.09501EPSS
Exploits17Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/28 12:0 a.m.20 views

Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)

The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some restful APIs concatenating OS commands with user inpu...

9CVSS8.2AI score0.97337EPSS
Exploits2References4
Hacker One
Hacker One
added 2023/11/19 11:54 a.m.14 views

GitLab: Stored-XSS injected in Wiki page via Banzai pipeline

A vulnerability was found in the AbstractReferenceFilter class of the GitLab project that could be exploited to inject arbitrary HTML elements, leading to a stored cross-site scripting XSS vulnerability. The issue was caused by the way the application handled the processing of wiki page content,...

5.5AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2023/11/06 2:0 p.m.66 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

7.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.6 views

The vulnerability of the software for the RESTful API used to manage content in Plone CMS (plone.rest) involves an uncontrolled resource consumption, which allows a hacker to cause a service failure.

The vulnerability of the software for the RESTful API used to manage content in Plone CMS plone.rest is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS7.2AI score0.00815EPSS
Exploits0References6Affected Software1
Kitploit
Kitploit
added 2023/10/20 9:31 p.m.30 views

Commander - A Command And Control (C2) Server

Commander is a command and control framework C2 written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under Continuous Development Not script-kiddie friendly Features Fully encrypted communication TLS Multiple Agents Obfuscation Interactive Sessions Scalable Base6...

7.3AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 1:42 a.m.43 views

Security Bulletin: A vulnerability in go-restful affects IBM Robotic Process Automation for Cloud Pak resulting in a bypass of security restrictions (CVE-2022-1996).

Summary A vulnerability in go-restful affects IBM Robotic Process Automation for Cloud Pak resulting in a bypass of security restrictions. go-restful is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework. This bulletin identifies the security fixes to apply to...

9.3CVSS9.8AI score0.02737EPSS
Exploits1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/14 12:0 a.m.6 views

The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to increase their privileges.

The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine ISE management platform for network policies is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending speciall...

6.3CVSS5.6AI score0.00535EPSS
Exploits0References3Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2023/09/07 3:13 p.m.21 views

A Look at Our Development Process of the Cloud Resource Enrichment API

In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...

6.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:42 p.m.50 views

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to an authorization bypass due to emicklei/go-restful [CVE-2022-1996]

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by a vulnerability in emicklei/go-restful. The Vulnerability includes an authorization bypass through a user-controlled key as described by the CVE in the...

9.3CVSS9.7AI score0.02737EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.26 views

Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery

Jenkins Pipeline restFul API Plugin 0.11 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to have Jenkins connect to an attacker-specified URL, capturing a newly generated JCLI token...

8.8CVSS6.7AI score0.00395EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/07/12 4:15 p.m.11 views

CVE-2023-37957

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token...

8.8CVSS0.00395EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.5 views

Jenkins Plugin Pipeline restFul 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.8CVSS8AI score0.00395EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/09 7:47 p.m.7 views

go-restful: Authorization Bypass Through User-Controlled Key

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

9.3CVSS7.3AI score0.02737EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/06/02 12:0 a.m.7 views

The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to execute cross-site scripting attacks.

The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine ISE management platform for network policies relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...

6.1CVSS6.3AI score0.00781EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:50 a.m.45 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...

9.3CVSS9.6AI score0.02737EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/18 3:55 p.m.6 views

go-restful: Authorization Bypass Through User-Controlled Key

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

9.3CVSS7.3AI score0.02737EPSS
Exploits1References4
Huntr
Huntr
added 2023/04/23 12:26 a.m.19 views

OS Command Injection via Type Confusion in Scan and Preview Parameters

Description Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...

7.5CVSS8.7AI score0.40516EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 3:19 p.m.77 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2021-46848 DESCRIPTION: GNU Libtasn1 could allow a remote attacker to obtain sensitive information, caused by an out-of-bound access flaw in ETYPEOK. By sending a...

9.8CVSS10AI score0.92984EPSS
Exploits24Affected Software1
Rows per page
Query Builder