166 matches found
Malicious code in @mendeley-internal/api (npm)
Source: ghsa-malware 1bf5f20cb296d38e4859cdddfe26a5243135d149cd3f20f393a7a088c159110c. Withdrawn Advisory: This advisory has been withdrawn because it was generated erroneously. This link is maintained to preserve external references. Origin...
Private APIs at Risk: Q1-2023 API ThreatStats™ Report
According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big blind spot in your API security...
CVE-2023-28645
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
Secure view can be bypassed by using internal API endpoint
None...
CVE-2023-20059
A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to the uploading and execution of malicious code...
VulnCheck KEV: CVE-2022-26501
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to the uploading and execution of malicious code...
VulnCheck KEV: CVE-2022-26500
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to the uploading and execution of malicious code...
Open-Xchange OX App Suite Security Feature Issue Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security feature issue vulnerability exists in Open-Xchange OX App Suite versions prior to 7.10.6 that stems from a conflict that can change the parameters of an API request between OX App...
U.S. Dept Of Defense: Unauthenticated access to internal API at ██████████.███.edu [HtUS]
There was unauthenticated access to internal API at ██████████.███.edu. Multiple API calls allowed an attacker to gain access to the internal API via the Azure API url appg3entcalapi.azurewebsites.net. The access to █████.██████.edu was only supposed to be available to internal users...
MAL-2022-348 Malicious code in @igdb/internal-api (npm)
Source: ghsa-malware 0ec79cfda0dc3373cf41672610a4ab803332e33b369873a2d18a0932ba8b807d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @igdb/internal-api (npm)
Source: ghsa-malware 0ec79cfda0dc3373cf41672610a4ab803332e33b369873a2d18a0932ba8b807d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-29556
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...
Server side request forgery (ssrf)
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...
Northern.tech Mender Enterprise Code Issue Vulnerability
Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from the iot-manager microservice 1.0.0 that allows SSRF because the Azure IoT Hub integration...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...