Computer vulnerabilities of IBM API Connect

Go: overload via ReadUvarint
An attacker can trigger an overload via ReadUvarint() of Go, in order to trigger a denial of service...
6344299, CVE-2020-16845, FEDORA-2020-deff052e7a, FEDORA-2020-e384830a0d, openSUSE-SU-2020:1178-1, openSUSE-SU-2020:1194-1, openSUSE-SU-2020:1405-1, openSUSE-SU-2020:1407-1, RHSA-2020:3665-01, SUSE-SU-2020:2562-1, VIGILANCE-VUL-33042

Kubernetes: privilege escalation via kube-apiserver
An attacker can bypass restrictions via kube-apiserver of Kubernetes, in order to escalate his privileges...
6344297, CVE-2020-8559, VIGILANCE-VUL-32841

Kubernetes: denial of service via kubelet /etc/hosts
An attacker can trigger a fatal error via kubelet /etc/hosts of Kubernetes, in order to trigger a denial of service...
6344297, CVE-2020-8557, VIGILANCE-VUL-32840

IBM API Connect V 2018: information disclosure via Weak Cryptographic Algorithms
An attacker can bypass access restrictions to data via Weak Cryptographic Algorithms of IBM API Connect V 2018, in order to obtain sensitive information...
6240322, CVE-2020-4452, VIGILANCE-VUL-32634

Drupal Internationalization: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Internationalization, in order to run JavaScript code in the context of the web site...
6240304, DRUPAL-SA-CONTRIB-2020-025, VIGILANCE-VUL-32571

Drupal Core: privilege escalation via JSON-API PATCH Requests
An attacker can bypass restrictions via JSON:API PATCH Requests of Drupal Core, in order to escalate his privileges...
6240310, CERTFR-2020-AVI-381, CVE-2020-13665, DRUPAL-SA-CORE-2020-006, VIGILANCE-VUL-32570

Drupal Core: Cross Site Request Forgery via Form API
An attacker can trigger a Cross Site Request Forgery via Form API of Drupal Core, in order to force the victim to perform operations...
6240240, CERTFR-2020-AVI-381, CVE-2020-13663, DLA-2263-1, DRUPAL-SA-CORE-2020-004, DSA-4706-1, FEDORA-2020-0b32a59b54, FEDORA-2020-fbb94073a1, VIGILANCE-VUL-32568

IBM API Connect: Cross Site Scripting via Web UI
An attacker can trigger a Cross Site Scripting via Web UI of IBM API Connect, in order to run JavaScript code in the context of the web site...
6209125, CVE-2020-4251, VIGILANCE-VUL-32528

Drupal Core 7: open redirect via drupal_goto
An attacker can deceive the user via drupal_goto() of Drupal Core 7, in order to redirect him to a malicious site...
6226330, CVE-2020-13662, DLA-2250-1, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-fbb94073a1, VIGILANCE-VUL-32314

PHP: memory leak
An attacker can create a memory leak of PHP, in order to trigger a denial of service...
6253313, 78875, 78876, bulletinjul2020, CERTFR-2020-AVI-292, CERTFR-2020-AVI-371, cpuoct2020, CVE-2019-11048, DLA-2261-1, DSA-4717-1, DSA-4719-1, FEDORA-2020-3ea2253402, FEDORA-2020-8838d072d5, FEDORA-2020-9fa7f4e25c, openSUSE-SU-2020:0847-1, RHSA-2020:3662-01, SUSE-SU-2020:1661-1, SUSE-SU-2020:1661-2, SUSE-SU-2020:1714-1, USN-4375-1, VIGILANCE-VUL-32274

Our database contains other pages. You can request a free trial to read them.

Display information about IBM API Connect:

https://www.ibm.com/cloud/api-connect?loc=fr-fr