188 matches found

Prion
added 2019/12/02 2:15 a.m., 9 views

Remote code execution

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code...

CVSS 7.5, AI score 9.8, EPSS 0.0234
Exploits 0, References 1, Affected Software 2
CVE
added 2019/12/02 1:44 a.m., 54 views

CVE-2019-15631

CVE-2019-15631 is a remote code execution vulnerability affecting MuleSoft Mule CE/EE 3.x and API Gateway 2.x, described as exploitable to run arbitrary code by a remote attacker and linked to releases before 31 October 2019. The connected records consistently identify the affected product family...

CVSS 9.8, AI score 9.8, EPSS 0.0234
Exploits 0, References 1, Affected Software 2
Cvelist
added 2019/12/02 1:44 a.m., 15 views

CVE-2019-15631

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code...

CVSS 9.8, AI score 10, EPSS 0.0234
Exploits 0, References 1
Kitploit
added 2019/11/22 12:11 p.m., 313 views

FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation

Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverage...

AI score 7.4
Exploits 0, References 1
Github Security Blog
added 2019/11/08 5:31 p.m., 21 views

Default Express middleware security check is ignored in production

Impact: All Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with default express authentication middleware in production environment are affected. Patches: @cubejs-backend/[email protected] Workaround...

AI score 1.5
Exploits 0, References 2, Affected Software 1
vulnersOsv
added 2019/10/17 9:26 a.m., 2 views

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-17513 via io.ratpack:ratpack-core (>=0.9.10 <=1.7.4)

io.ratpack:ratpack-core MAVEN version =0.9.10, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-17513 Source advisory: SNYK:JAVA-IORATPACK-473841...

CVSS 7.5, AI score 6.4, EPSS 0.02153
Exploits 0
Akamai Blog
added 2019/10/11 8:0 p.m., 255 views

Verify JWT With JSON Web Key Set (JWKS) in API Gateway

JSON Web Tokens (JWT) use digital signatures to establish the authenticity of the data they contain, as well as authenticating the identity of the signer. A valid signature check ensures that any party can rely on the contents and the signatory of the JWT. This is typically accomplished by using an...

AI score 7.1
Exploits 0
Akamai Blog
added 2019/10/11 8:0 p.m., 150 views

October 2019 - What's New in Web Performance?

Today, Akamai announced the October 2019 Release, which introduces new capabilities to the Performance product line with a focus on helping customers deliver superior experiences with the power of the Edge. Here are some highlights from the release with additional detail below. EdgeWorkers enable...

Exploits 0
Akamai Blog
added 2019/10/11 4:0 a.m., 14 views

Faster JWT Key Rotation in API Gateway

JSON Web Tokens (JWT) use digital signatures to establish the authenticity of the data they contain, as well as authenticating the identity of the signer. A valid signature check ensures that any party can rely on the contents and the...

AI score 2.3
Exploits 0
NVD
added 2019/08/30 5:15 p.m., 12 views

CVE-2019-15630

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...

CVSS 7.5, AI score 7.5, EPSS 0.02998
Exploits 0, References 1
Prion
added 2019/08/30 5:15 p.m., 10 views

Directory traversal

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...

CVSS 5, AI score 7.4, EPSS 0.02998
Exploits 0, References 1, Affected Software 1
CVE
added 2019/08/30 4:56 p.m., 358 views

CVE-2019-15630

CVE-2019-15630 describes a directory traversal vulnerability affecting MuleSoft products: APIkit, HTTP connector, and OAuth2 Provider components in Mule Runtime 3.x/4.x and all MuleSoft API Gateway versions released before August 1, 2019. The issue permits remote attackers to read files accessibl...

CVSS 7.5, AI score 7.4, EPSS 0.02998
Exploits 0, References 1, Affected Software 2
Kitploit
added 2019/08/24 9:52 p.m., 393 views

IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request

Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description: This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...

AI score 7.3
Exploits 0, References 3
Rhino Security Labs
added 2019/08/13 10:0 a.m., 47 views

Bypassing IP Based Blocking with AWS API Gateway

The post Bypassing IP Based Blocking with AWS API Gateway appeared first on Rhino Security Labs...

AI score 2.3
Exploits 0
NVD
added 2019/08/08 4:15 p.m., 17 views

CVE-2019-11208

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specifi...

CVSS 9.9, AI score 7.3, EPSS 0.00906
Exploits 0, References 2
OSV
added 2019/08/08 4:15 p.m., 1 view

CVE-2019-11208

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specifi...

CVSS 9.9, AI score 6.7, EPSS 0.00906
Exploits 0, References 2
Prion
added 2019/08/08 4:15 p.m., 18 views

Authorization

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specifi...

CVSS 6.5, AI score 9.5, EPSS 0.00906
Exploits 0, References 2, Affected Software 1
CVE
added 2019/08/08 3:36 p.m., 62 views

CVE-2019-11208

CVE-2019-11208 affects TIBCO API Exchange Gateway (versions 2.3.1 and earlier) and its Distribution for TIBCO Silver Fabric (2.3.1 and earlier). The vulnerability lies in the authorization component, which may process OAuth authorization incorrectly when multiple scopes are used, potentially allo...

CVSS 9.9, AI score 8.1, EPSS 0.00906
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2019/08/08 12:0 a.m., 4 views

PT-2019-12186 · Tibco · Tibco Api Exchange Gateway +1

Name of the Vulnerable Software and Affected Versions: TIBCO API Exchange Gateway versions 2.3.1 and prior versions; TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and prior versions. Description: The authorization component of TIBCO API Exchange Gateway contains a...

CVSS 9.9, AI score 6.9, EPSS 0.00906
Exploits 0, References 3
vulnersOsv
added 2019/05/14 4:1 a.m., 2 views

com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5), gradle.plugin.com.bytekast:serverless-local-apigateway (>=0.4 <=0.5) +1 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-groovy (>=0.9.0 <=1.6.0)

io.ratpack:ratpack-groovy MAVEN version =0.9.0, =0.4, =0.4, =0.9.0, =1.10.0-milestone-39 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...

CVSS 4.3, AI score 5.8, EPSS 0.01315
Exploits 0