CVE-2024-23943
CVE-2024-23943 affects MB Connect Line mbCONNECT24 devices. The root cause is a lack of authentication for a critical function, enabling unauthenticated remote attackers to access the cloud API. Vulnerable versions are mbCONNECT24 prior to 2.16.2; remediation is upgrading to 2.16.2 or later. Impa...
CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
cloud-api.brp.com Open Redirect vulnerability OBB-3777555
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...
CVE-2023-27587
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...
cloud.metaapi.sdk:metaapi-java-sdk (>=7.1.0 <=14.0.9), com.after_sunrise.cryptocurrency:bitflyer4j (>=0.5.0 <=0.6.0) +70 more potentially affected by CVE-2022-25867 via io.socket:socket.io-client (>=0.6.1 <=2.0.0)
io.socket:socket.io-client MAVEN version =0.6.1, =7.1.0, =0.5.0, =0.2.0, =1.1.5, =1.0.4, =1.0.4, =1.2.1, =2.3.3, =1.0.1, =2.1.0, =1.0, =1.0.1 and more Source cves: CVE-2022-25867 Source advisory: OSV:GHSA-85XX-XHJM-RHRW...
The vulnerability of the Apache APISIX cloud API gateway, related to bypassing authentication through spoofing, allows attackers to execute arbitrary code.
The vulnerability of the Apache APISIX cloud API gateway involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2021-29906
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...
Information disclosure
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...
CVE-2021-29906
CVE-2021-29906 – IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when configured to use an IBM Cloud API key to connect to cloud-based connectors. The vulnerability arises because the container image/hash may include the IBM Cloud API key used b...
Fortress Home Security Open to Remote Disarmament
A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry. The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and...
Code injection
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring...
CVE-2018-18602
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring...
CVE-2018-18602
The CVE-2018-18602 issue pertains to Guardzilla smart cameras where the Cloud API allows user enumeration, enabling arbitrary camera access and monitoring. Affected software appears to be the Guardzilla Cloud API and associated Guardzilla cameras. The root cause described across sources is user e...
Code injection
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext...
Design/Logic Flaw
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file...
CVE-2016-6546
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext...
CVE-2016-6546 iTrack Easy mobile application stores the user password in base-64 encoding/cleartext
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext...