ROS-20231109-02

Vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...

PT-2025-40138

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to GPIO character device handling. Specifically, a NULL-pointer dereference can occur when requesting lines, unbinding the GPIO device, and then...

CVE-2023-0683

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call...

Unlocking Serverless with AWS Lambda and IAM

Learn how Lambda and IAM unlock the power and versatility of the cloud by implementing a serverless User API that can be expanded on as you grow and explore the many services on AWS...

Design/Logic Flaw

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...

GHSA-CG54-GPGR-4RM6 user-readable api tokens in systemd units for JupyterHub

Impact user API tokens issued to single-user servers are specified in the environment of systemd units, which are accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. Patches Patched in jupyterhub-systemdspawner v0.15 Workarounds No...

PT-2020-14375 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns an unauthenticated API, specifically the "zy install user" API endpoint. This allows for unauthorized access. Recommendations: For versions 3.1.0 and 3.1....

UPDATE: Empire 3.1.0

Empire 3.1.0 was released a few hours ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. It’s a very good thing that, BC-Security has taken over the development of the tool and has made some awesome...

CVE-2019-1020017

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

Code injection

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

CVE-2019-1020017

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

CVE-2019-1020017

CVE-2019-1020017 affects Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3, where logging in via a user-api OTP lacks a confirmation screen. The vulnerability originates from improper flow gating during OTP-based login, enabling potential unintended access without explicit user confirmation...

CVE-2017-18376

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala...

Authorization

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala...

CVE-2017-18376

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala...

CVE-2017-18376

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala...

CVE-2017-18376

The Hive vulnerability CVE-2017-18376 is an improper authorization check in the User API (app/controllers/UserCtrl.scala) that lets users with read-only or read/write access escalate to administrator privileges. Affected versions are TheHive before 2.13.4 and 3.x before 3.3.1. Impact details indi...

UBUNTU-CVE-2016-4565

The InfiniBand aka IB stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service kernel memory write operation or possibly have unspecified other impact via a uAPI interface...

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

CVE-2013-2547

The cryptoreportone function in crypto/cryptouser.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAPNETADMI...