61 matches found
PT-2024-5097 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1. Description: A vulnerability has been identified in the SINEMA Remote Connect Server, related to errors in security mechanisms. This issue allows an unauthenticated attacker to access an...
CVE-2024-1803
Summary (CVE-2024-1803): The WordPress plugin EmbedPress (Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.) up to version 3.9.12 is vulnerable to unauthorized access of PDF embed functionality due to insufficient authorization validation on the PDF embed block. Impact, per sources, is that a...
Security Bulletin: next-auth-4.24.3.tgz is vulnerable to CVE-2023-48309 used in IBM Maximo Application Suite - Edge Data Collector
Summary: IBM Maximo Application Suite - Edge Data Collector uses next-auth-4.24.3.tgz, which is vulnerable to CVE-2023-48309. Vulnerability Details: CVEID: CVE-2023-48309. DESCRIPTION: Auth.js next-auth could allow a remote attacker to obtain sensitive information, caused by improper authentication...
Authentication flaw
Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX
Summary: There are multiple vulnerabilities in OpenSSL as used by AIX. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details: CVEID: CVE-2023-0464. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509...
Acronis Agent and Acronis Cyber Protect Trust Management Issue Vulnerability
Acronis Agent and Acronis Cyber Protect are both products of Acronis Singapore. Acronis Agent is an agent software. Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise. Combining backup, anti-malware, network security, and endpoint management capabilities su...
CVE-2021-27668
A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to obtain sensitive information caused by improper authentication validation by the /sys/license endpoint. By sending a specially-crafted HTTP request, an attacker can obtain license metadata from DR secondaries an...
JSA10487 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): OpenLDAP Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. LDAPS based authentication and authorization require additional validation. The following software releases have a fix for this issue: PCS: 7.1R1 or higher. PPS: 4.1R1 or higher. We...
Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)
Summary: Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Protect Plus. Vulnerability Details: CVEID: CVE-2021-22946. DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...
Design/Logic Flaw
A vulnerability has been identified in Opcenter Quality V13.1 All versions V13.1.20220624, Opcenter Quality V13.2 All versions V13.2.20220624. The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing...
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-30640)
Summary: IBM Rational Build Forge is affected by CVE-2021-30640. Vulnerability Details: CVEID: CVE-2021-30640. DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted...
Privilege Escalation
virtualbox is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authentication allowing an attacker to login to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...
Privilege Escalation
virtualbox is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authentication...
Denial Of Service (DoS)
openjdk is vulnerable to denial of service. The vulnerability exists due to a lack of validation of authentication allowing an attacker to crash the system using APIs in the specified Component...
Spree Cross-Site Request Forgery Vulnerability
Spree is an open source e-commerce platform developed using Ruby on Rails by an individual developer. A cross-site request forgery vulnerability exists in Spree auth devise, which stems from a lack of effective validation of the product's authentication against CSRF. This vulnerability can be exploited to send...
Privilege Escalation
rh-eclipse is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authentication when a user request to the local help web server...
CVE-2021-32923
A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted...
CVE-2020-7856
A vulnerability in Helpcom could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient authentication validation...