Tableau Software Server Authorization Issues Vulnerability
Tableau Software Server is a set of file hosting servers from Tableau Software USA. The product is primarily used to manage and share data visualizations, interactive dashboards, workbooks, and reports created by Tableau Desktop data visualization software. A security vulnerability exists in...
CVE-2020-23446
Verint Workforce Optimization suite 15.1 15.1.0.37634 has Unauthenticated Information Disclosure via API...
CVE-2020-15342
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 expose an unauthenticated API endpoint, zy_install_user, enabling unauthorized access. Root cause: unauthenticated API call in the system. Impact: unauthorized actions on SecuManager (per the PT Security entry; no explicit CVSS details in provided docs)....
CVE-2020-15342
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API...
CVE-2020-15343
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API...
CVE-2020-15344
CVE-2020-15344 affects Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The issue is an unauthenticated API endpoint, zy_get_user_id_and_key, which can be reached without authentication. Impact is defined in sources as a potential information exposure (user id and key). No exploit details are...
CVE-2020-15345
CVE-2020-15345 affects Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1, due to an unauthenticated zy_get_instances_for_update API endpoint. The vulnerability arises from an exposed API that can be accessed without authentication, enabling potential unauthorized access, with CVSSv3.1 base score 5.3 (Ne...
PT-2020-14378 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns an unauthenticated API endpoint, specifically the zy_get_instances_for_update API. Recommendations: For versions 3.1.0 and 3.1.1, consider restricting...
PT-2020-14374 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns an unauthenticated API endpoint, specifically the "update all realm license" API. Recommendations: For versions 3.1.0 and 3.1.1, consider restricting acce...
CVE-2020-11595
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...
SQL injection
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection...
CVE-2019-10141
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection...
Starbucks: China – Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint
0xpatrik discovered an unauthenticated API endpoint that allowed retrieval of specified work leave dates of designated Starbucks employees in China. @0xpatrik — thank you for reporting the original vulnerability and for confirming the resolution...
CVE-2019-9105
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...
CVE-2019-10141
A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...
VMSA-2019-0005 : VMware ESXi, Workstation and Fusion updates address multiple security issues
a. VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities. VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interfac...
CVE-2018-5256
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...
CVE-2018-5256
CoreOS Tectonic information disclosure: A vulnerable proxy surface is exposed in Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3. A direct proxy to the Kubernetes API server at /api/kubernetes/ is mounted without authentication, enabling unauthenticated access and listing...
Cisco Clean Access Unauthenticated API Access
...
[Full-disclosure] Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access
Revision 1.0
For Public Release 2005 August 17 1600 UTC (GMT)

Contents
========
Summary
Affected...