132 matches found

ATTACKERKB
added 2022/04/14 4:15 p.m. | 2 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

7 CVSS | 6.8 AI score | 0.00973 EPSS
Exploits 1 | References 3

Akamai Blog
added 2022/03/21 5:0 a.m. | 27 views

Adding Akamai Shared Domains to the Public Suffix List

Akamai plans to submit a number of our shared domains to the “PRIVATE” section of the Public Suffix List (PSL) at some point on or after March 31, 2022. The PSL contains multi-party domain suffixes and is used by a wide range of client software (for example, web browsers) to implement policy decision...

6.9 AI score
Exploits 0

CNNVD
added 2021/12/07 12:0 a.m. | 1 views

Accops HyWorks Security Vulnerability

Accops HyWorks is a suite of solutions consisting of software and hardware from Accops India. It is used to instantly and securely access enterprise applications remotely from anywhere, on any device and from any network. A buffer overflow vulnerability exists in the Accops HyWorks Windows Client...

8.8 CVSS | 6.6 AI score | 0.00075 EPSS
Exploits 1 | References 1

BDU FSTEC
added 2021/10/05 12:0 a.m. | 1 views

The vulnerability of client software for various remote access protocols, such as PuTTY, arises from the possibility of executing operations beyond the buffer in memory. This allows attackers to cause service failures.

The vulnerability in client software for various remote access protocols, such as PuTTY, is related to an operation that goes beyond the bounds of a buffer in memory. This caused the window to repeatedly change its header at high speeds. Exploiting this vulnerability could allow a malicious actor t...

7.5 CVSS | 7.4 AI score | 0.004 EPSS
Exploits 1 | References 6 | Affected Software 2

IBM Security Bulletins
added 2021/06/03 4:42 p.m. | 14 views

Security Bulletin: A vulnerability in the GSKit component of Client Software Development Kit (CSDK) (CVE-2016-0201)

Summary: A vulnerability has been addressed in the GSKit component of Informix Client Software Development Kit (CSDK). Vulnerability Details: CVEID: CVE-2016-0201. DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit...

5.9 CVSS | 0.1 AI score | 0.00302 EPSS
Exploits 0 | Affected Software 1

NCSC
added 2021/06/03 12:0 a.m. | 2 views

Vulnerabilities fixed in Cisco Webex Meetings and Webex Server

Cisco has fixed vulnerabilities in Webex Meetings, Webex Meetings Server, Webex Teams and Webex client software. The vulnerabilities allow a malicious person, possibly remotely, to launch attacks that result in the following categories of damage: Circumvention of security measure. Remote...

7.8 CVSS | 7.7 AI score | 0.00183 EPSS
Exploits 0

CNVD
added 2021/05/21 12:0 a.m. | 20 views

Mozilla Thunderbird has an unspecified vulnerability (CNVD-2021-54708)

Mozilla Thunderbird is a set of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. Mozilla Thunderbird has a security vulnerability that could be exploited by remote attackers to bypass implemented security restrictions...

4.3 CVSS | 4.3 AI score | 0.00222 EPSS
Exploits 1 | References 1

CNVD
added 2021/01/06 12:0 a.m. | 7 views

1E Client elevation of privilege vulnerability (CNVD-2021-02033)

1E Client is an agent-less endpoint management software from 1E 1E Client USA. An elevation of privilege vulnerability exists in 1E Client version 5.0.0.745. The vulnerability stems from the Inventory module not properly handling unreferenced paths. An authenticated attacker can exploit this...

8.8 CVSS | 6.9 AI score | 0.00662 EPSS
Exploits 0 | References 1

CNVD
added 2020/12/23 12:0 a.m. | 3 views

Command Execution Vulnerability in Homework Help Live Classes Student Side PC Client Software

Homework Help Live Classes is a premium online live tutoring product under Homework Help. Homework Help Live Classes student-side pc client software has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into the client process. An attacker can...

7.8 AI score
Exploits 0

CNVD
added 2020/12/23 12:0 a.m. | 5 views

Command Execution Vulnerability in Driver's License Client Software

Driver's test is a professional software for learning traffic regulations. There is a command execution vulnerability in the Driving Exam Bao Dian client software, which can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...

7.4 AI score
Exploits 0

CNVD
added 2020/12/23 12:0 a.m. | 2 views

Ape Programming client software suffers from a DLL hijacking vulnerability

Ape Programming is a children's programming learning tool with a beautiful interface, practical functions and convenient operation. Ape Programming client software has a DLL hijacking vulnerability, which can be exploited by an attacker to inject an executable DLL file into the client process to...

7.7 AI score
Exploits 0

PostgreSQL
added 2020/11/12 12:0 a.m. | 417 views

Vulnerability in client (CVE-2020-25696)

psql's \gset allows overwriting specially treated variables. The \gset meta-command, which sets psql variables based on query results, does not distinguish variables that control psql behavior. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute...

7.6 CVSS | 7.5 AI score | 0.00473 EPSS
Exploits 0 | References 1 | Affected Software 1

PostgreSQL
added 2020/11/12 12:0 a.m. | 161 views

Vulnerability in client (CVE-2020-25694)

Reconnection can downgrade connection security settings. Many PostgreSQL-provided client applications have options that create additional database connections. Some of those applications reuse only the basic connection parameters (e.g. host, user, port), dropping others. If this drops a...

8.1 CVSS | 6.9 AI score | 0.00359 EPSS
Exploits 0 | References 1 | Affected Software 1

Symantec
added 2020/01/08 12:0 a.m. | 24 views

Apache Olingo CVE-2020-1925 Server Side Request Forgery Access Bypass Vulnerability

Description: Apache Olingo is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Olingo versions prior to 4.7.1 are vulnerable. Technologies Affected: Apache Oling...

0.9 AI score | 0.01178 EPSS
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2019/11/28 12:0 a.m. | 1 views

DLL Hijacking Vulnerability in IS Voice pc Client Software

IS Voice for PC is a voice online group chat tool designed and developed for Chinese gamers. IS Voice for PC can provide stable and high-quality voice service, and it is a full-featured multiplayer voice software. IS Voice pc client software has a DLL hijacking vulnerability, which can be exploit...

7.1 AI score
Exploits 0

CNVD
added 2019/11/28 12:0 a.m. | 1 views

DLL Hijacking Vulnerability in LePlay Screen Casting pc Client Software

LePlay Screen Casting for PC is a smart computer screen casting software. LePlay Screen Casting PC client software has a DLL hijacking vulnerability, which attackers can exploit to inject an executable DLL file into the client process to perform arbitrary...

7 AI score
Exploits 0

Symantec
added 2019/11/27 12:0 a.m. | 45 views

Multiple F5 Products CVE-2019-6665 Man in the Middle Security Bypass Vulnerability

Description: Multiple F5 Products are prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. The following products are vulnerable: BIG-IP ASM 15.0.0 throu...

1 AI score | 0.00838 EPSS
Exploits 0 | References 1 | Affected Software 4

Symantec
added 2019/10/16 12:0 a.m. | 18 views

Drupal Booking and Availability Management Tools Module Access Bypass Vulnerability

Description: The Booking and Availability Management Tools (BAT) module for Drupal is prone to an access-bypass vulnerability. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Booking and Availability...

0.7 AI score
Exploits 0 | References 1 | Affected Software 1

Symantec
added 2019/09/10 12:0 a.m. | 49 views

Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks may cause denial of service conditions. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit...

0.5 AI score | 0.13009 EPSS
Exploits 0 | Affected Software 3

Kitploit
added 2019/09/04 1:0 p.m. | 179 views

Btlejack - Bluetooth Low Energy Swiss-army Knife

Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit devices running a dedicated firmware. You may also want to use Adafruit's Bluefruit LE sniffer or an nRF51822 Eval Kit, as we added support for these devices...

7.2 AI score
Exploits 0 | References 3