49 matches found
CVAD Workspace App (Windows, MAC, Linux)
Introduction: This article is a summary of the top support articles related to CVAD Workspace App (Windows, MAC, Linux). Overview of the Issue: Provide a brief yet comprehensive overview of the issue, outlining the common challenges and key points that will be addressed in detail in the linked content...
CVE-2023-30691
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows a local attacker to escalate privileges...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Aug-2023 Release 1 version, which stems from a packet mismatch in AuthenticationConfig...
GHSA-46V3-GGJG-QQ3X Rancher UI has multiple Cross-Site Scripting (XSS) issues
Impact: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in the Rancher UI. Cross-Site scripting allows a malicious user to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform oth...
CVE-2023-26735
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
PT-2022-6068 · Veritas · Veritas Netbackup Appliance +1
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 10.1; Veritas NetBackup Appliance (affected versions not specified); related Veritas products on Linux and UNIX (affected versions not specified). Description: The Java Admin Console in Veritas...
CVE-2021-46442
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
Vulnerability in client (CVE-2021-23222)
libpq processes unencrypted bytes from man-in-the-middle. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. If more preconditions hold, the attacker can exfiltrate the client's password or othe...
GHSA-QXX8-292G-2W66 Improper Authentication
Impact: A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches: The problem has been patched in all affected versions. Please see t...
Design/Logic Flaw
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send...
CVE-2020-24612
An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok...
CVE-2018-1098
A cross-site request forgery flaw has been discovered in etcd. A remote attacker could set up a malicious website that executes POST requests to an etcd server to modify or add a key. Mitigation: Configure and enable authentication on the etcd server...
Lenovo Chassis Management Module (CMM) Information Disclosure Vulnerability (CNVD-2019-05532)
The Lenovo Chassis Management Module (CMM) is a hot-swappable Lenovo Flex System module that can be used to configure and manage all installed Lenovo Flex System components. An information disclosure vulnerability exists in Lenovo CMM versions prior to 2.0.0, which can be exploited by an attacker t...
CVE-2018-9071
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration...
CVE-2018-9071
CVE-2018-9071 affects Lenovo Chassis Management Module (CMM) prior to version 2.0.0, where unauthenticated users can retrieve information about the current authentication configuration, including password length, expiration, and lockout settings. The vulnerability is confirmed across multiple sou...
CVE-2018-9071 CMM Security Vulnerability
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration...
A vulnerability in Cisco ASR 5000 router firmware allows attackers to escalate their privileges.
The vulnerability in the SSH protocol implementation in Cisco ASR 5000 firmware is related to deficiencies in the configuration of multi-user public-key authentication. Exploiting this vulnerability allows a malicious actor to gain elevated privileges by establishing a...
CVE-2016-1335
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previous...