The vulnerability of the EVP_DecryptUpdate function in the OpenSSL library of the Sante PACS Server web server allows a hacker to execute arbitrary code.

The vulnerability of the EVPDecryptUpdate function in the OpenSSL library of the Sante PACS Server web server system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending specially crafte...

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.29 and earlier, which stems from a business logic error in the hub data sourc...

GitLab EE/CE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab EE/CE versions prior to 11.5 through 17.7.7,...

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.13.0 through 2.2.0, which stems from the possibility that...

Linux Distros Unpatched Vulnerability : CVE-2021-32050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published...

CVE-2024-43196

Summary (CVE-2024-43196) : IBM OpenPages with Watson 8.3 and 9.0 contains a vulnerability where an authenticated user can manipulate data in the Questionnaires application, enabling spoofing of other users’ responses. The CVSS base score is 4.3 (vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:...

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

Important: containerd

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

CVE-2025-24034 Himmelblau leaks credentials in the debug log

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

PT-2025-54917

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending invalid base64 SASL data can disrupt the login process by disconnecting it from the authentication server, leading to the failure of all active authentication sessions. This can be used to...

The vulnerability of the Windows DNS service on Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows DNS service in Microsoft Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Local Security Authority Subsystem Service (LSASS) in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Local Security Authority Subsystem Service LSASS in Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

PT-2024-9468 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The vulnerability in the Windows Local Security Authority Subsystem Service LSASS is related to the use of insecure mechanisms for handling authentication data in the operating system's...

PT-2024-9465 · Microsoft · Windows Domain Name Service +1

Name of the Vulnerable Software and Affected Versions: Windows Domain Name Service versions affected versions not specified Description: The issue is related to a remote code execution problem in the Windows Domain Name Service. It involves the use of insecure mechanisms for handling authenticati...

PT-2024-9464 · Microsoft · Windows Remote Desktop Services +1

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services affected versions not specified Description: The issue is related to a remote code execution problem in Windows Remote Desktop Services. It involves the use of insecure mechanisms for handling authentication da...

The vulnerability of the Windows Virtual Hard Disk component of the Microsoft Windows operating system, which allows a hacker to trigger a service failure.

The vulnerability of the Windows Virtual Hard Disk component of the Microsoft Windows operating system is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...