1825 matches found
CVE-2019-7628
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...
CVE-2018-15656
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...
CVE-2019-1657 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...
Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...
WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability
Social Media API Key Leakage vulnerability found by @fs0c131y in WordPress Social Network Tabs premium plugin versions <=1.7.1. Solution 26 January 2019 - we were unable to find any information about the patched version of this plugin. We recommend deactivating and deleting this plugin from your...
Design/Logic Flaw
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
CVE-2019-0004
CVE-2019-0004 affects Juniper ATP 5.0 prior to 5.0.3. The issue is that API keys and device keys are logged to a file readable by local authenticated users, enabling potential abuse of WebUI operations. Affected component: Juniper ATP 5.0.x; root cause: keys logged to a world-readable/local file....
CVE-2019-0004 Juniper ATP: API and device keys are logged in a world-readable permissions file
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
Battelle V2I Hub Security Restriction Bypass Vulnerability
The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A security restriction bypass vulnerability exists in Battelle V2I H...
Battelle V2I Hub Information Disclosure Vulnerability
The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. An information disclosure vulnerability exists in Battelle V2I Hub...
CVE-2018-1000627
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...
CVE-2018-1000626
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...
Information disclosure
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...
Security feature bypass
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...
CVE-2018-1000626
CVE-2018-1000626 affects Battelle V2I Hub 2.5.1. The vulnerability stems from not changing the default API key, enabling a remote attacker to bypass security restrictions by using any API function with the unchanged key, to gain unauthorized access. Documented across multiple sources (NVD, CNVD/C...
CVE-2018-1000628
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...