454 matches found
[SECURITY] Fedora 39 Update: rubygem-httparty-0.18.1-9.fc39
Makes http fun! Also, makes consuming restful web services dead easy...
Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilites. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...
Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)
The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some restful APIs concatenating OS commands with user inpu...
GitLab: Stored-XSS injected in Wiki page via Banzai pipeline
A vulnerability was found in the AbstractReferenceFilter class of the GitLab project that could be exploited to inject arbitrary HTML elements, leading to a stored cross-site scripting XSS vulnerability. The issue was caused by the way the application handled the processing of wiki page content,...
Testing with OpenAPI Specifications
The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...
The vulnerability of the software for the RESTful API used to manage content in Plone CMS (plone.rest) involves an uncontrolled resource consumption, which allows a hacker to cause a service failure.
The vulnerability of the software for the RESTful API used to manage content in Plone CMS plone.rest is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Commander - A Command And Control (C2) Server
Commander is a command and control framework C2 written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under Continuous Development Not script-kiddie friendly Features Fully encrypted communication TLS Multiple Agents Obfuscation Interactive Sessions Scalable Base6...
Security Bulletin: A vulnerability in go-restful affects IBM Robotic Process Automation for Cloud Pak resulting in a bypass of security restrictions (CVE-2022-1996).
Summary A vulnerability in go-restful affects IBM Robotic Process Automation for Cloud Pak resulting in a bypass of security restrictions. go-restful is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework. This bulletin identifies the security fixes to apply to...
The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to increase their privileges.
The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine ISE management platform for network policies is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending speciall...
A Look at Our Development Process of the Cloud Resource Enrichment API
In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to an authorization bypass due to emicklei/go-restful [CVE-2022-1996]
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by a vulnerability in emicklei/go-restful. The Vulnerability includes an authorization bypass through a user-controlled key as described by the CVE in the...
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery
Jenkins Pipeline restFul API Plugin 0.11 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to have Jenkins connect to an attacker-specified URL, capturing a newly generated JCLI token...
CVE-2023-37957
A cross-site request forgery CSRF vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token...
Jenkins Plugin Pipeline restFul 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
go-restful: Authorization Bypass Through User-Controlled Key
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...
The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to execute cross-site scripting attacks.
The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine ISE management platform for network policies relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...
go-restful: Authorization Bypass Through User-Controlled Key
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...
OS Command Injection via Type Confusion in Scan and Preview Parameters
Description Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2021-46848 DESCRIPTION: GNU Libtasn1 could allow a remote attacker to obtain sensitive information, caused by an out-of-bound access flaw in ETYPEOK. By sending a...