424 matches found
Octopus Deploy Security Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Australia. A security vulnerability exists in Octopus Deploy that stems from the fact that the server can be induced to send requests containing authentication material, which could...
The vulnerability of the Windows Update Stack component of the Microsoft Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows Update Stack component of the Microsoft Windows operating system is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the upnphost.dll library in the Windows operating system, which allows attackers to escalate their privileges
The vulnerability of the upnphost.dll library in the Windows operating system is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows Graphics component in Windows operating systems allows attackers to elevate their privileges to the system level.
The vulnerability of the Windows Graphics component in Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to the system level...
The vulnerability of the EVP_DecryptUpdate function in the OpenSSL library of the Sante PACS Server web server allows a hacker to execute arbitrary code.
The vulnerability of the EVP_DecryptUpdate function in the OpenSSL library of the Sante PACS Server web server system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending specially crafte...
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Devolutions Remote Desktop Manager Security Vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.29 and earlier, which stems from a business logic error in the hub data sourc...
GitLab EE/CE Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab EE/CE versions prior to 11.5 through 17.7.7,...
Apache NiFi Security Vulnerability
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.13.0 through 2.2.0, which stems from the possibility that...
Linux Distros Unpatched Vulnerability : CVE-2021-32050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published...
CVE-2024-43196
Summary (CVE-2024-43196) : IBM OpenPages with Watson 8.3 and 9.0 contains a vulnerability where an authenticated user can manipulate data in the Questionnaires application, enabling spoofing of other users’ responses. The CVSS base score is 4.3 (vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:...
Important: containerd
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
Important: nerdctl
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
CVE-2025-24034 Himmelblau leaks credentials in the debug log
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
PT-2025-54917
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending invalid base64 SASL data can disrupt the login process by disconnecting it from the authentication server, leading to the failure of all active authentication sessions. This can be used to...
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Local Security Authority Subsystem Service (LSASS) in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Local Security Authority Subsystem Service (LSASS) in Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Windows DNS service on Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows DNS service in Microsoft Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...