453 matches found
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal RESTful Web Services versions 7.X-2.0 through 7.X-2.10, which stems from the inclusion of an Exposure of Sensitive Information via Data Queries...
[SECURITY] Fedora 40 Update: python-quart-0.19.8-1.fc40
Quart is an async Python web microframework. Using Quart you can, render and serve HTML templates, write RESTful JSON APIs, serve WebSockets, stream request and response data, do pretty much anything over the HTTP or WebSocket protocols...
[SECURITY] Fedora 41 Update: python-quart-0.19.8-1.fc41
Quart is an async Python web microframework. Using Quart you can, render and serve HTML templates, write RESTful JSON APIs, serve WebSockets, stream request and response data, do pretty much anything over the HTTP or WebSocket protocols...
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 CVSS score: 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been describ...
Authorization Bypass Through User-Controlled Key in emicklei/go-restful
...
OSIsoft PI Web API Code Issue Vulnerability
The Osisoft OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company Osisoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...
Security Bulletin: IBM Storage Fusion is vulnerable to authorization bypass due to go-restful.
Summary emicklei/go-restful is used by IBM Storage Fusion's isf-prereq-operator to create pre-requisite resources and deploy dependent operators. CVE-2022-1996. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused ...
Drupal RESTful Web Services module < 7.x-2.10 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Fran Garcia-Linares in WordPress Module RESTful Web Services versions 7.x-2.10...
RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
This module exposes Drupal resources e.g. entities as RESTful web services. The module doesn't sufficiently restrict access for user resources...
RHEL 8 : openshift-gitops-kam (RHSA-2023:3229)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3229 advisory. Security Fixes: go-restful: Authorization Bypass Through User-Controlled Key CVE-2022-1996 For more details about the security issues, including the...
RHEL 9 : openshift-gitops-kam (RHSA-2023:3557)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3557 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: go-restful: Authorization Bypass Through User-Controlle...
RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...
CVE-2024-27488
ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...
CVE-2024-24892
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...
CVE-2024-24892
CVE-2024-24892 describes an OS command injection and privilege escalation in openEuler migration-tools (versions 1.0.0–1.0.1). The root cause is improper neutralization of elements used in OS commands, allowing remote command execution via an exposed interface, which can lead to high-severity imp...
CVE-2024-24892 Unauthorized RCE in migration-tools
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...
[SECURITY] Fedora 40 Update: jboss-jaxrs-2.0-api-1.0.0-27.fc40
JSR 339: JAX-RS 2.0: The Java API for RESTful Web Services...
PT-2024-14824 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.6.9 Quarkus versions prior to 3.7.1 Quarkus versions prior to 3.8.x Description: A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Jav...
Fedora: Security Advisory (FEDORA-2024-2648dd2e0e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: rubygem-httparty-0.18.1-9.fc39
Makes http fun! Also, makes consuming restful web services dead easy...