3128 matches found
CVE-2024-54147
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...
CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...
CVE-2024-54147
The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...
CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...
CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...
Altair 信任管理问题漏洞
Altair is a beautiful and feature-rich GraphQL client IDE from the Altair GraphQL open source. A trust management issue vulnerability exists in Altair versions prior to 8.0.5, which stems from improper HTTPS certificate validation and allows a man-in-the-middle attacker to intercept all requests,...
PT-2024-36071 · Altair · Altair Graphql Client
Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5 Description: The issue arises from the Altair GraphQL Client's desktop app not validating HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This can compromise GraphQL...
Shopify: GraphQL Introspection Enabled on Shopify API Endpoint (Intended Behavior)
Summary: Hi team ! i've found a misconfiguration in your graphql Api on the endpoint in which an attacker is able to run a graphql interospection query to fetch schemas , types , fields , available query operations , after running interospection query on the graphql api endpoint , an attacker is...
PT-2024-10156 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.0 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue is related to the GraphQL Mutation Handler component of the GitLab platform, which can lead t...
Malicious code in grapql-yoga (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86b2818aa6d6a1a84cac4d9d34681b77244b961c6531a273fe5273b4284abc62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10976 Malicious code in grapql-yoga (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86b2818aa6d6a1a84cac4d9d34681b77244b961c6531a273fe5273b4284abc62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-9665
Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious ema...
CVE-2024-9665
Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious ema...
CVE-2024-9665 Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious ema...
CVE-2024-9665 Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious ema...
CVE-2024-9665
CVE-2024-9665 is a Zimbra GraphQL CSRF Information Disclosure vulnerability. The flaw resides in the GraphQL endpoint of Zimbra Collaboration (GraphQL implementation) and stems from insufficient CSRF protections, allowing an attacker to disclose sensitive information within the context of a victi...
CVE-2024-37155
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...
CVE-2024-37155 OpenCTI May Bypass Introspection Restriction
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...
CVE-2024-37155 OpenCTI May Bypass Introspection Restriction
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...
MAL-2024-10679 Malicious code in graphql-yga (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f47f947ce34d135841426d54dbd431fafee589316d101ac561f402d69ff75316 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...