CVE-2023-4605

The CVE-2023-4605 case describes an vulnerability in Lenovo XClarity Administrator (LXCA) where a valid authenticated LXCA user can potentially leverage an unauthenticated API endpoint to retrieve system event information. Affected component: LXCA’s API surface exposing system event data. Root ca...

CVE-2023-4605

A valid authenticated Lenovo XClarity Administrator LXCA user can potentially leverage an unauthenticated API endpoint to retrieve system event information...

CVE-2022-45456

Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent Windows, macOS, Linux before build 30161...

CVE-2022-45456

Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent Windows, macOS, Linux before build 30161...

CVE-2022-36129

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...

CVE-2018-5256

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...