MGASA-2022-0130 Updated chromium-browser-stable packages fix security vulnerability
Use after free in Portals. CVE-2022-1125 Use after free in QR Code Generator. CVE-2022-1127 Inappropriate implementation in Web Share API. CVE-2022-1128 Inappropriate implementation in Full Screen Mode. CVE-2022-1129 Insufficient validation of untrusted input in WebOTP. CVE-2022-1130 Use after fr...
CVE-2021-38362
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data...
Information Disclosure
motioneye is vulnerable to information disclosure. The vulnerability exists due to insecure access control that allows an attacker to access sensitive information via a GET request to the web API /config/list endpoint when a user's password is not configured...
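The RSA Archer entry and the motionEye entry above are the same class of bug seen from two angles: a GET handler that serves data without making an authorization decision about this caller and this object. The following is an added example, not code from RSA Archer or motionEye; the in-memory store, the session table, the request shape and the `adminPassword` setting are all constructed to illustrate the two failure modes beside their hardened forms.

```javascript
"use strict";

// Constructed data store: records owned by different users.
const records = new Map([
  [101, { id: 101, owner: "alice", ssn: "***-**-1234" }],
  [102, { id: 102, owner: "bob", ssn: "***-**-9876" }],
]);

// Constructed sessions: bearer token -> username.
const sessions = new Map([
  ["tok-alice", "alice"],
  ["tok-bob", "bob"],
]);

// IDOR (Archer-style): the caller is authenticated, but the id taken from the
// URL is trusted as-is, so any logged-in user can read any record.
function getRecordVulnerable(req) {
  const user = sessions.get(req.token);
  if (!user) return { status: 401 };
  const rec = records.get(Number(req.params.id));
  return rec ? { status: 200, body: rec } : { status: 404 };
}

// Unauthenticated read (motionEye-style): "no password configured" is treated
// as "no login needed", so the whole config is served to anyone on the network.
function listConfigVulnerable(req, cfg) {
  if (cfg.adminPassword === "" || sessions.get(req.token)) {
    return { status: 200, body: cfg };
  }
  return { status: 401 };
}

// Hardened: authenticate, then look the object up scoped to the caller. A
// record owned by someone else answers 404, the same as a non-existent id, so
// the endpoint does not confirm which ids exist.
function getRecordHardened(req) {
  const user = sessions.get(req.token);
  if (!user) return { status: 401 };
  const rec = records.get(Number(req.params.id));
  if (!rec || rec.owner !== user) return { status: 404 };
  return { status: 200, body: rec };
}

// Hardened: a session is required regardless of how the device is configured.
// An unset password is a setup problem to surface to the admin, not a reason
// to drop authentication.
function listConfigHardened(req, cfg) {
  if (!sessions.get(req.token)) return { status: 401 };
  return { status: 200, body: cfg };
}

// Constructed requests: bob asking for alice's record, and an anonymous
// caller asking for the config of a device with no password set.
const bobReadsAlice = { token: "tok-bob", params: { id: "101" } };
const anonymous = { token: undefined, params: {} };
const deviceConfig = { adminPassword: "", cameras: ["cam0"] };

console.log("vulnerable IDOR:", getRecordVulnerable(bobReadsAlice).status); // 200
console.log("hardened IDOR:", getRecordHardened(bobReadsAlice).status); // 404
console.log("vulnerable config:", listConfigVulnerable(anonymous, deviceConfig).status); // 200
console.log("hardened config:", listConfigHardened(anonymous, deviceConfig).status); // 401
```

The ownership check belongs in the data access path, not in a route-level "is logged in" guard: the vulnerable IDOR handler already has such a guard and is still broken.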
Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc
Scrape and download useful information from TikTok. No login or password is required. This is not an official API, and no support is offered. This is just a scraper that uses the TikTok Web API to scrape media and related meta information. Important notes: As of right now it is NOT possible to download video...
Renderers can obtain access to random bluetooth device without permission in Electron
Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device...
CVE-2022-21718 Renderers can obtain access to random bluetooth device without permission in Electron
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not...
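The fix the two Electron entries above point at is on the application side: register a `select-bluetooth-device` handler on the window's `webContents`, call `event.preventDefault()`, and hand the callback either an explicitly chosen `deviceId` or `''` to cancel. The following is an added example, not code from the Electron project: the allow-list policy, the `FakeWebContents` stand-in and the sample device list are constructed so the handler can be exercised without Electron; in a real app `installBluetoothPolicy` would be called with `mainWindow.webContents`.

```javascript
"use strict";

// Selection policy kept pure so it can be tested: return the deviceId of the
// first device whose advertised name is on the allow-list, or '' to cancel.
// Electron treats '' passed to the callback as "no device", so a renderer
// that calls navigator.bluetooth.requestDevice() gets nothing.
function chooseBluetoothDevice(deviceList, allowedNames) {
  const allowed = new Set(allowedNames);
  const match = deviceList.find((d) => allowed.has(d.deviceName));
  return match ? match.deviceId : "";
}

// Wire the policy to a webContents-like object. Calling preventDefault is
// what stops Electron from falling back to its own device choice.
function installBluetoothPolicy(webContents, allowedNames) {
  webContents.on("select-bluetooth-device", (event, deviceList, callback) => {
    event.preventDefault();
    callback(chooseBluetoothDevice(deviceList, allowedNames));
  });
}

// Constructed stand-in for webContents: only .on and .emit are needed here.
class FakeWebContents {
  constructor() {
    this.listeners = {};
  }
  on(name, fn) {
    if (!this.listeners[name]) this.listeners[name] = [];
    this.listeners[name].push(fn);
    return this;
  }
  emit(name, ...args) {
    for (const fn of this.listeners[name] || []) fn(...args);
  }
}

// Drive one requestDevice() round-trip through the policy and report what the
// renderer would have been given and whether the default was suppressed.
function simulateRequest(allowedNames, deviceList) {
  const wc = new FakeWebContents();
  installBluetoothPolicy(wc, allowedNames);
  let chosen = null;
  let prevented = false;
  const event = { preventDefault: () => { prevented = true; } };
  wc.emit("select-bluetooth-device", event, deviceList, (id) => { chosen = id; });
  return { chosen, prevented };
}

// Constructed device list in the shape Electron passes to the handler.
const sampleDevices = [
  { deviceName: "Unknown BLE beacon", deviceId: "dev-1" },
  { deviceName: "CompanyBadgeReader", deviceId: "dev-2" },
];

console.log(simulateRequest(["CompanyBadgeReader"], sampleDevices)); // { chosen: 'dev-2', prevented: true }
console.log(simulateRequest([], sampleDevices)); // { chosen: '', prevented: true }
```

An empty allow-list is the safe default: an app that never intends to use Web Bluetooth still gets a handler that cancels every request, which is the workaround for versions that do not carry the fix.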
A Search for API Security in the Operator’s Tool Box
Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...
org.apache.nifi.registry:nifi-registry-assembly (>=0.1.0 <=0.5.0), org.apache.nifi.registry:nifi-registry-docs (>=0.4.0 <=0.5.0) potentially affected by CVE-2020-9482 via org.apache.nifi.registry:nifi-registry-web-api (>=0.1.0 <=0.5.0)
org.apache.nifi.registry:nifi-registry-web-api MAVEN version =0.1.0, =0.1.0, =0.4.0, =0.5.0 Source cves: CVE-2020-9482 Source advisory: OSV:GHSA-RCWJ-2HJ2-VMJJ...
Huawei DG8045 Router 1.0 - Credential Disclosure
Title: Huawei DG8045 Router 1.0 - Credential Disclosure Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 HardwareVersion: VER.A CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the bac...
CVE-2022-21377
The CVE-2022-21377 entry concerns Oracle Construction and Engineering’s Primavera Portfolio Management (Web API). Affected versions are 18.0.0.0–18.0.3.0, 19.0.0.0–19.0.1.2 and 20.0.0.0. The vulnerability permits an unauthenticated attacker with network access via HTTP to compromise Primavera Por...
CVE-2022-21377
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web API. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
Ultimaker 3D printer cross-site request forgery vulnerability
The Ultimaker 3D printer is a series of powerful, professional 3D printers from the Dutch company Ultimaker. A security vulnerability exists in the Ultimaker 3D printer that originates from local web servers hosting APIs that are vulnerable to CSRF attacks. They do not validate incoming requests...
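The failure described above is a local-network device API that acts on any request the browser delivers, so a page on an attacker's origin can drive it with a cross-site POST. The following is an added example, not code from Ultimaker or its firmware: a check a device could run before a state-changing request is acted on, accepting the request only when the browser-supplied `Origin` (or, failing that, `Referer`) is one of the origins the device serves its own UI from. The trusted origins, the `/api/v1/...` paths and the sample requests are constructed.

```javascript
"use strict";

// Methods that must never change state; they are not CSRF-relevant as long as
// the device really does keep side effects off GET.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Reduce an Origin or Referer value to "scheme://host[:port]".
function originOf(value) {
  if (!value) return null;
  try {
    const u = new URL(value);
    return `${u.protocol}//${u.host}`;
  } catch (e) {
    return null;
  }
}

// Returns { allowed, reason }. Browsers attach Origin to every cross-site
// POST, so a state-changing request with no Origin and no Referer is refused
// rather than trusted: a non-browser client should go through a token-based
// path instead (out of scope here).
function checkCsrf(req, trustedOrigins) {
  const method = req.method.toUpperCase();
  if (SAFE_METHODS.has(method)) return { allowed: true, reason: "safe method" };
  const headers = Object.fromEntries(
    Object.entries(req.headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  const origin = originOf(headers.origin) || originOf(headers.referer);
  if (!origin) return { allowed: false, reason: "no Origin/Referer on unsafe method" };
  if (!trustedOrigins.includes(origin)) return { allowed: false, reason: `untrusted origin ${origin}` };
  return { allowed: true, reason: "trusted origin" };
}

// Constructed requests against a printer reachable as http://ultimaker.local
// and by its LAN address.
const TRUSTED = ["http://ultimaker.local", "http://192.168.1.50"];
const fromDeviceUi = { method: "POST", headers: { Origin: "http://ultimaker.local" }, path: "/api/v1/print_job" };
const fromEvilTab = { method: "POST", headers: { Origin: "http://attacker.example" }, path: "/api/v1/print_job" };
const statusQuery = { method: "GET", headers: {}, path: "/api/v1/printer/status" };

console.log(checkCsrf(fromDeviceUi, TRUSTED)); // { allowed: true, reason: 'trusted origin' }
console.log(checkCsrf(fromEvilTab, TRUSTED)); // { allowed: false, reason: 'untrusted origin http://attacker.example' }
console.log(checkCsrf(statusQuery, TRUSTED)); // { allowed: true, reason: 'safe method' }
```

The check only protects endpoints that are reached with an unsafe method; a device that starts or cancels a print on a GET must move those actions to POST first, or the safe-method shortcut above becomes the hole.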
PT-2021-7169 · Minio +1
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2021-12-27T07-23-18Z Description: The issue is related to insecure privilege management in MinIO, a Kubernetes native application for cloud storage. It allows a remote attacker to elevate their privileges by...
Minio MinIO security vulnerability
Minio MinIO is an open source object storage server from MinIO USA. The product supports building infrastructure for machine learning, analytics, and application data workloads. MinIO has a security vulnerability that stems from the fact that MinIO is a native application for Kubernetes cloud...
Heap overflow
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests...
CVE-2021-41017
CVE-2021-41017 describes multiple heap-based buffer overflow vulnerabilities in FortiWeb’s web API controllers (versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15). The underlying issue is heap-based overflow which may allow a remote authenticated attacker to execute arbitrary code or commands via s...
VulnCheck KEV: CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that exposes a few REST API URLs without authentication...
CVE-2021-43549
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information...
CVE-2021-43549
CVE-2021-43549 affects the OSIsoft PI Web API. A remote authenticated attacker with write access to a PI Server can lure a user into interacting with a PI Web API endpoint and redirect them to a malicious site, potentially disclosing sensitive information or providing false data. Root cause: impr...