11 matches found
CVE-2025-55070
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in versions prior to Mattermost 11 that stems from a WebSocket connection that does not enforce multi-factor authentication, which could result in an unauthenticated use...
CVE-2024-31853
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.11. During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to...
LearningDigital Orca HCM 路径遍历漏洞
LearningDigital Orca HCM is a digital learning platform from China-based LearningDigital. A path traversal vulnerability exists in LearningDigital Orca HCM versions prior to 11.0, which arises from improperly restricting certain parameters of the file download function, allowing a remote attacker...
CVE-2024-23908
Insecure inherited permissions in some Flexlm License Daemons for IntelR FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 11.2.624071020, which stems from a security flaw in the pseudo-random number generator PRNG...
Digital Ant E-Commerce Cross-Site Scripting Vulnerability
Digital Ant E-Commerce is an e-commerce platform from Digital Ant, Inc. A cross-site scripting vulnerability exists in versions of Digital Ant E-Commerce Software prior to version 11, which arises from improperly neutralized input during web page generation...
Apple Xcode ld64 component arbitrary code execution vulnerability (CNVD-2019-37184)
Apple Xcode is a set of integrated development environments IDEs provided to developers by Apple, Inc. that are used to develop applications for Mac OS X and iOS. ld64 is one of the Apple toolchain linking programs. An arbitrary code execution vulnerability exists in the ld64 component of Apple...
Apple iOS APNs Man-in-the-Middle Attack Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices.APNs are a component of the push notification service. A security vulnerability exists in the APNs component in versions of Apple iOS prior to 11. An attacker can exploit this vulnerability to conduct a man-in-the-middle...
Schneider Electric Unity Pro Remote Code Execution Vulnerability
Schneider Electric Unity Pro is a suite of development software for testing, debugging and managing applications from the French company Schneider Electric. A remote code execution vulnerability exists in versions of Schneider Electric Unity Pro prior to V11.1. A remote attacker can exploit the...
security flaw
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...