223 matches found
Information disclosure
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2021-29086
The issue is CVE-2021-29086 affecting Synology DiskStation Manager (DSM) webapi prior to version 6.2.3-25426-3. An information disclosure vulnerability exists in the webapi component that allows remote attackers to obtain sensitive information via unspecified vectors. Affected product: DSM (Synol...
PT-2021-18075 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3. Description: The issue allows remote attackers to obtain sensitive information via unspecified vectors due to exposure of sensitive information to an unauthorized actor...
Synology DiskStation Manager Path Traversal Vulnerability
DiskStation Manager DSM is an operating system that runs on all Synology NAS and can be operated through an intuitive web interface. A path traversal vulnerability exists in the webapi component in Synology DiskStation Manager versions prior to 6.2.3-25426-3. A remote attacker can exploit the...
Synology Video Station Server-Side Request Forgery Vulnerability
Synology Video Station is a video management center. It can manage all movies, TV shows and home videos on Synology NAS. A server-side request forgery vulnerability exists in the Synology Video Station webapi component before 2.4.10-1632, which can be exploited by a remote authenticated attacker ...
CVE-2021-33181
Server-Side Request Forgery SSRF vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors...
CVE-2021-33181
CVE-2021-33181 refers to a Server-Side Request Forgery in the Synology Video Station webapi component prior to version 2.4.10-1632. The vulnerability enables remote authenticated attackers to issue arbitrary requests to internal/intranet resources via unspecified vectors. Documents consistently i...
CVE-2021-28585
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
PT-2021-3433 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to improper input validation in the New customer WebAPI, which could allow an attacker to send...
CVE-2021-21016
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...
Command injection
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...
CVE-2021-21016 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...
CVE-2021-21016
Summary (CVE-2021-21016) Magento Commerce/Open Source prior to fixes is vulnerable to an OS command injection via the WebAPI, potentially enabling remote code execution for an authenticated attacker with admin access. Affected versions include 2.4.1 (and earlier), 2.4.0-p1 (and earlier), and 2.3....
hltc-webapi-master (>=1.0.0 <=1.2.0), verda (>=0.1.0 <=1.2.1) potentially affected by CVE-2020-7784 via ts-process-promises (=1.0.2)
ts-process-promises NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on ts-process-promises and may be impacted: hltc-webapi-master (>=1.0.0 <=1.2.0), verda (>=0.1.0 <=1.2.1). Source CVEs: CVE-2020-7784. Source advisory: OSV:GHSA-WW4J-C2RQ-47Q8...
hltc-webapi-master (>=1.0.0 <=1.2.0), verda (>=0.1.0 <=1.2.1) potentially affected by CVE-2020-7784 via ts-process-promises (=1.0.2)
ts-process-promises NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on ts-process-promises and may be impacted: hltc-webapi-master (>=1.0.0 <=1.2.0), verda (>=0.1.0 <=1.2.1). Source CVEs: CVE-2020-7784. Source advisory: SNYK:JS-TSPROCESSPROMISES-1048334...
CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...