132 matches found
CVE-2024-20474
CVE-2024-20474 is a Cisco Secure Client (formerly AnyConnect) vulnerability where the IKEv2 processing contains an integer underflow, allowing an unauthenticated remote attacker to crash the client and cause a DoS. A crafted IKEv2 packet can exploit the flaw on affected systems. Affected releases...
CVE-2024-20474
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this...
Citrix Workspace App 24.x SSON fails and ssonsvr.exe not running on client
SSON fails with CWA 2402 and 2405.10. The logon to a session stops at the "other user" screen. It is also noticed that the ssonsvr.exe process is not running on the client...
ROS-20240806-11
A vulnerability in the client software for interacting with the RabbitMQ Java message broker client is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
The vulnerability of the client.so file of the Ruijie EG-2000SE software allows a hacker to gain access to the user account and gain control over the system.
The vulnerability of the client.so file of the Ruijie EG-2000SE microprogramming system lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to gain access to the user account and execute commands to gain control of the system...
MAL-2024-1989 Malicious code in client (npm)
False positive caused by problematic ingestion. --- -= Per source details. Do not edit below this line.=-...
@audius/fetch-nft (>=0.1.8-beta.1 <=0.2.6), @audius/sdk (>=3.0.8-beta.13 <=4.2.0) +52 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.78.0 <=1.78.7)
@solana/web3.js NPM version =1.78.0, =0.1.8-beta.1, =3.0.8-beta.13, =0.0.10, =2.20.1-beta.306, =14.2.1-beta.306, =2.2.3-alpha.61, =1.0.1-rc.0, =2.21.0, =2.6.0, =0.0.5-beta.0, =1.1.0, =1.1.11 - @ctrl-tech/chains-controller =2.0.5 - @ctrl-tech/chains-solana =2.0.18 and more Source cves:...
BIT-DOTNET-SDK-2022-41032 NuGet Client Elevation of Privilege Vulnerability
NuGet Client Elevation of Privilege Vulnerability...
Improper access control
Improper access control in some Intel Unite® Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel® Unite® Software Advisory
Summary: A potential security vulnerability in some Intel Unite® Client software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-40161 Description: Improper access control in some Intel Unite®...
CVE-2023-50477
An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js...
CVE-2023-20240
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
Design/Logic Flaw
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed aft...
Buffer overflow
Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, "360...
CVE-2021-33971
The CVE-2021-33971 entry applies to Qihoo 360 products (360 Safeguard, 360 Total Security, and 360 Safe Browser/Chrome). The vulnerability family is a buffer overflow that enables local arbitrary code execution. Affected versions include 360 Safeguard 12.1.0.1004–13.1.0.1001, 360 Total Security 1...
The vulnerability in the web interface of Hirschmann BAT-C2’s WLAN-client microprogramming software allows a hacker to perform arbitrary actions.
The vulnerability of the web interface for managing WLAN client micro-programming software Hirschmann BAT-C2 exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
immudb data forgery issue vulnerability
Immudb is a database with built-in cryptographic proof and authentication. A data forgery issue vulnerability exists in codenotary immudb versions prior to 1.4.1, which stems from a client SDK that does not validate the UUID and can accept any value reported by the server, which can be exploited ...
PT-2022-23200 · Immudb · Immudb
Name of the Vulnerable Software and Affected Versions: immudb versions prior to 1.4.1 Description: immudb is a database with built-in cryptographic proof and verification. A malicious immudb server can provide a falsified proof that will be accepted by the client SDK, signing a falsified...
GHSA-7R9X-QRPR-3CXW mofh Vulnerable to Improper Restriction of XML External Entity Reference
The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...
GHSA-P5PC-M4Q7-7QM9 Helm Unsafe Link Following
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via...