195 matches found
CVE-2024-46549
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users...
CVE-2024-45229
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can ...
CVE-2024-45229
Versa Director exposes certain REST APIs (login, banner, device registration) without authentication. A GET request with invalid arguments can be exploited by Directors connected to the Internet to obtain authentication tokens of other logged-in users, which can be used to call additional APIs on...
Malicious code in @taxify/react-api-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6 The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2024-7902 Malicious code in @taxify/react-api-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6 The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
PT-2024-32031 · Tp Link · Tp-Link Kasa Kp125M
Name of the Vulnerable Software and Affected Versions: TP-Link Kasa KP125M version 1.0.3 Description: An issue in the TP-Link MQTT Broker and API gateway allows attackers to establish connections by impersonating devices owned by other users. This impersonation can lead to unauthorized access...
CVE-2024-2012
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
CVE-2024-2012
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...
CVE-2024-2012
CVE-2024-2012 concerns the FOXMAN-UN/UNEM server and its APIGateway. Red Hat/Red Hat-adjacent and other sources describe an authentication bypass and post-authentication surface that could allow unauthenticated or improperly authenticated users to interact with services, potentially enabling unin...
CVE-2024-2012
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
PT-2024-18615 · Unknown · Foxmann-Un/Unem Server
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN/UNEM server affected versions not specified Description: An authentication bypass issue exists in the FOXMAN-UN/UNEM server API Gateway component. This allows attackers without any access to interact with the services and the...
GHSA-99F9-GV72-FW9R Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Impacted Resources bref/src/Event/Http/HttpResponse.php:61-90 Description When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. Precisely, if PHP generates a response with two headers having the same key but different values only the...
CVE-2024-24753
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24753
CVE-2024-24753 concerns the Bref serverless PHP runtime on AWS Lambda. When used with API Gateway v2, Bref does not correctly handle multiple-value headers: if PHP emits two headers with the same name, only the last value is retained. This can undermine security policies that rely on multiple hea...
CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...