869 matches found
CVE-2020-15243
CVE-2020-15243 affects Smartstore 4.0.0 and 4.0.1 with the Web API plugin installed and activated, where a missing WebApi Authentication attribute creates a vulnerability. The recommended remediations are to merge the 4.0.x branch (or overwrite the SmartStore.Web.Framework in the deployed shop’s ...
CVE-2020-3567
A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient...
CVE-2019-16004
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerabili...
Acronis: No brute force protection on web-api-cloud.acronis.com
There was no brute force protection on https://web-api-cloud.acronis.com/api/idp/v1/token endpoint...
CVE-2020-3521
A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker...
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9...
Buffer overflow
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9...
CVE-2019-11858
CVE-2019-11858 involves multiple buffer overflow vulnerabilities in the AceManager Web API of the ALEOS platform. Connected sources indicate the affected software is ALEOS with vulnerable AceManager Web API versions prior to 4.13.0, 4.9.5, and 4.4.9. The root cause is described as buffer overf...
CVE-2019-11858 ALEOS Multiple Web UI vulnerabilities
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9...
CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain...
PT-2020-18440 · Dell Emc · Dell Openmanage Server Administrator
Name of the Vulnerable Software and Affected Versions: Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior. Description: The issue allows an unauthenticated remote attacker to potentially exploit multiple path traversal vulnerabilities by sending a crafted Web API request containi...
A vulnerability in the firmware update service of Cisco TelePresence Collaboration Endpoint Software and the Cisco RoomOS operating system allows an attacker to modify the file system, trigger a service failure, or gain privileged access to the root file system.
The vulnerability in the software update service for Cisco TelePresence Collaboration Endpoint Software and the Cisco RoomOS operating system exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability can allow...
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
Cross site scripting
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
CVE-2020-12021
CVE-2020-12021 affects OSIsoft PI Web API (2019 Patch 1, 1.12.0.6346) and earlier, with a cross-site scripting vulnerability that could enable a remote attacker to execute arbitrary JavaScript in a user’s browser, potentially leading to data view/modification/deletion under the victim’s permissio...
CVE-2020-3336
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerabili...
Input validation
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerabili...
OSIsoft PI Web API Cross-Site Scripting Vulnerability (CNVD-2020-51561)
OSIsoft PI Web API is a RESTful interface to a set of PI systems from the U.S. company OSIsoft. The product gives client applications read and write access to their AF and PI data via HTTPS. A cross-site scripting vulnerability exists in the OSIsoft PI Web API, which can be exploited by an...