CVE-2023-1555
Removed by vendor...
GitLab 15.2 < 16.1.5 / 16.2 < 16.2.5 / 16.3 < 16.3.1 (CVE-2023-1555)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespac...
PT-2023-27521 · Ironic +2 · Ironic +2
Name of the Vulnerable Software and Affected Versions: ironic-image versions prior to capm3-v1.4.3 Description: The issue arises when Ironic is not deployed with TLS and does not have API and Conductor split into separate services, resulting in unprotected access to the API. By default, Ironic AP...
CVE-2023-35082
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. Recent assessments: sfewer-r7 at...
Ivanti Endpoint Manager Mobile < 11.3 Remote Unauthenticated API Access (CVE-2023-35082)
The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 11.3. It is, therefore, affected by an undisclosed unauthenticated API access vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the service's...
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
When this blog was originally published on August 2, it said that CVE-2023-35082 only affected MobileIron Core 11.2 and earlier, which are unsupported. On August 7, Ivanti published an updated advisory noting that since originally disclosing CVE-2023-35082, they have continued their investigation...
CVE-2023-26449
The "OX Chat" web service did not specify a media type when processing responses from external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM), previously branded MobileIron Core, allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile...
Exploit for Improper Authentication in Ivanti Endpoint_Manager_Mobile
CVE-2023-35078 Exploit POC CVE-2023-35078 Remote Unauthenticat...
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts support...
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile, which was previously branded as MobileIron Core. The vulnerability has a CVSS v3 base score of 10.0 and has a severity rating of Critical. Ivanti has reported that they have received information...
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software, formerly MobileIron Core, to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...
Ivanti Endpoint Manager Mobile < 11.8.1.1 / 11.9.x < 11.9.1.1 / 11.10.x < 11.10.0.2 Remote Unauthenticated API Access (CVE-2023-35078)
The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 11.8.1.1, 11.9.x prior to 11.9.1.1, or 11.10.x prior to 11.10.0.2. It is, therefore, affected by an undisclosed unauthenticated API access vulnerability. Note that Nessus has not tested for the temporary RPM-base...
OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
Design/Logic Flaw
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...
CVE-2023-37238
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...
UBUNTU-CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...
PT-2023-5204 · Fortinet · Fortimanager +1
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.0 through 7.2.2 FortiAnalyzer versions 6.0 through 7.2.2 Description: The issue is related to improper privilege management, which may allow a remote and authenticated API admin user to access certain system settings,...