63moons Aero
6 CVEs affecting 63moons Aero. Latest disclosed: 2024-11-04. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-51558 | Critical | 9.8 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker co… |
CVE-2024-51561 | High | 7.5 | 2024-11-04 | This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could e… |
CVE-2024-51559 | Medium | 6.5 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vu… |
CVE-2024-51557 | Medium | 6.5 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this… |
CVE-2024-51556 | Medium | 6.5 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could… |
CVE-2024-51560 | Medium | 4.3 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could… |