API - API Security Blog

SUSE SLED15 / SLES15 Security Update : python39 (SUSE-SU-2022:4071-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4071-1 advisory. - Python 3.9.x and 3.10.x through 3 ...

November 19, 2022

SUSE SLED15 / SLES15 Security Update : sccache (SUSE-SU-2022:4073-1)

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4073-1 advisory. - An issue was discovered in the to ...

November 19, 2022

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

[ ![Atlassian](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgXWvoG3Wa2O4iFP8_YIndzkCWMmuv9PIBNhyHdxMESLUy5-NEOPklfY8GfEfsAjbezb2jW6-Cs1Z45TmiwQAGS2DdMEJQ3dKjOpoQCvPLHSXD_nsfTUIWxYqab5F2I2 ...

November 18, 2022

CVSS3 - CRITICAL

CVE-2021-34337

password checking timing attack in administrative REST APIRead More ...

November 18, 2022

CVE-2022-45132

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configura ...

November 18, 2022

CVE-2022-45073

Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin Read More ...

November 18, 2022

Timing Attack

mailman3 is vulnerable to timing attacks. The vulnerability exists because of the use of basic string equality which allows an attacker to talk directly to the REST API, which by default is bound to l ...

November 18, 2022

MariaDB 5.5.0 < 5.5.40 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 5.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5-5-40-release-notes advisory. - Unspecifi ...

November 18, 2022