Lucene search
K

453 matches found

CNNVD
CNNVD
added 2025/01/09 12:0 a.m.6 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal RESTful Web Services versions 7.X-2.0 through 7.X-2.10, which stems from the inclusion of an Exposure of Sensitive Information via Data Queries...

7.5CVSS6.8AI score0.00495EPSS
Exploits0References2
Fedora
Fedora
added 2024/11/05 4:43 a.m.11 views

[SECURITY] Fedora 40 Update: python-quart-0.19.8-1.fc40

Quart is an async Python web microframework. Using Quart you can, render and serve HTML templates, write RESTful JSON APIs, serve WebSockets, stream request and response data, do pretty much anything over the HTTP or WebSocket protocols...

7.3AI score
Exploits0
Fedora
Fedora
added 2024/11/05 4:40 a.m.14 views

[SECURITY] Fedora 41 Update: python-quart-0.19.8-1.fc41

Quart is an async Python web microframework. Using Quart you can, render and serve HTML templates, write RESTful JSON APIs, serve WebSockets, stream request and response data, do pretty much anything over the HTTP or WebSocket protocols...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/17 5:25 a.m.60 views

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 CVSS score: 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been describ...

8AI score0.9921EPSS
Exploits11
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.5 views

Authorization Bypass Through User-Controlled Key in emicklei/go-restful

...

9.3CVSS9.3AI score0.02737EPSS
Exploits1
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.38 views

OSIsoft PI Web API Code Issue Vulnerability

The Osisoft OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company Osisoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...

8.4CVSS7.1AI score0.00417EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/21 4:29 p.m.35 views

Security Bulletin: IBM Storage Fusion is vulnerable to authorization bypass due to go-restful.

Summary emicklei/go-restful is used by IBM Storage Fusion's isf-prereq-operator to create pre-requisite resources and deploy dependent operators. CVE-2022-1996. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused ...

9.3CVSS9.7AI score0.02737EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2024/05/15 12:0 a.m.3 views

Drupal RESTful Web Services module < 7.x-2.10 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Fran Garcia-Linares in WordPress Module RESTful Web Services versions 7.x-2.10...

7AI score
Exploits0References1Affected Software1
Drupal
Drupal
added 2024/05/15 12:0 a.m.51 views

RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019

This module exposes Drupal resources e.g. entities as RESTful web services. The module doesn't sufficiently restrict access for user resources...

7.5CVSS7.2AI score0.00495EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.29 views

RHEL 8 : openshift-gitops-kam (RHSA-2023:3229)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3229 advisory. Security Fixes: go-restful: Authorization Bypass Through User-Controlled Key CVE-2022-1996 For more details about the security issues, including the...

9.3CVSS8.3AI score0.02737EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.34 views

RHEL 9 : openshift-gitops-kam (RHSA-2023:3557)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3557 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: go-restful: Authorization Bypass Through User-Controlle...

9.3CVSS8.3AI score0.02737EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.21 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

9.3CVSS7.5AI score0.0995EPSS
Exploits6References38
CVE
CVE
added 2024/04/08 12:0 a.m.76 views

CVE-2024-27488

ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...

9.8CVSS7.1AI score0.0063EPSS
Exploits0References1
NVD
NVD
added 2024/03/25 7:15 a.m.21 views

CVE-2024-24892

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...

8.1CVSS8.2AI score0.00916EPSS
Exploits0References2
CVE
CVE
added 2024/03/25 7:13 a.m.63 views

CVE-2024-24892

CVE-2024-24892 describes an OS command injection and privilege escalation in openEuler migration-tools (versions 1.0.0–1.0.1). The root cause is improper neutralization of elements used in OS commands, allowing remote command execution via an exposed interface, which can lead to high-severity imp...

8.1CVSS8.2AI score0.00916EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/25 7:13 a.m.22 views

CVE-2024-24892 Unauthorized RCE in migration-tools

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...

8.1CVSS8.4AI score0.00916EPSS
Exploits0References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.23 views

[SECURITY] Fedora 40 Update: jboss-jaxrs-2.0-api-1.0.0-27.fc40

JSR 339: JAX-RS 2.0: The Java API for RESTful Web Services...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.9 views

PT-2024-14824 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.6.9 Quarkus versions prior to 3.7.1 Quarkus versions prior to 3.8.x Description: A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Jav...

6.9CVSS6.8AI score0.00458EPSS
Exploits0References14
OpenVAS
OpenVAS
added 2024/01/18 12:0 a.m.12 views

Fedora: Security Advisory (FEDORA-2024-2648dd2e0e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.3AI score0.0129EPSS
Exploits1References4
Fedora
Fedora
added 2024/01/14 1:0 a.m.17 views

[SECURITY] Fedora 39 Update: rubygem-httparty-0.18.1-9.fc39

Makes http fun! Also, makes consuming restful web services dead easy...

5.3CVSS5.4AI score0.0129EPSS
Exploits1
Rows per page
Query Builder