API - API Security Blog

Security update for python-M2Crypto (important)

An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA ...

22 июля, 2022

Cloud Threat Detection: To Agent or Not to Agent?

![Cloud Threat Detection: To Agent or Not to Agent?](https://blog.rapid7.com/content/images/2022/07/blog-hero-bg--1-.jpg) The shift towards cloud and [cloud-native application architectures]() represe ...

22 июля, 2022

CVE-2021-36200

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.Read More ...

22 июля, 2022

CVE-2022-31168

Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administra ...

22 июля, 2022

OctoBot WebInterface 0.4.3 Remote Code Execution

Post ContentRead More ...

21 июля, 2022

Johnson Controls Metasys ADS, ADX, OAS

## 1. EXECUTIVE SUMMARY * **CVSS v3 5.3** * **ATTENTION:** Exploitable remotely/low attack complexity * **Vendor:** Johnson Controls, Inc * **Equipment:** Metasys ADS, ADX, OAS with MUI * ** ...

21 июля, 2022

CVE-2022-30628

It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that ...

21 июля, 2022

OctoBot WebInterface 0.4.3 – Remote Code Execution Exploit

Post ContentRead More ...

21 июля, 2022