54 matches found
CVE-2024-53408
The set of connected records confirms CVE-2024-53408 affects AVE System Web Client, version 2.1.131.13992, with a cross-site scripting (XSS) vulnerability. The core detail available across sources is the existence of an XSS flaw in AVE System Web Client v2.1.131.13992; no explicit root-cause tech...
Observable Timing Discrepancy
Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...
Information Disclosure
io.apiman: apiman-manager-api-rest-impl is vulnerable to Information Disclosure. An authenticated attacker is able to gain access to API keys they do not have permission for if they correctly guess the URL which includes Organisation ID, Client ID, and Client Version. Access to the non-permitted...
Design/Logic Flaw
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
PT-2023-21868 · Apiman · Apiman
Name of the Vulnerable Software and Affected Versions: Apiman versions prior to 3.1.0.Final Description: Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may gain access to API keys they do not have permission for if they correctly guess the URL, which...
DNS resolution issue with new 13.0.86.17 client
ADC version 13.0.86.17, with 'Citrix Secure Access' VPN client the same version, shows as version 22.2.1.103 in the client. The old client was 13.0.58.30 shown as 21.3.1.2 1. Some users report that on the new client they cannot resolve any DNS record...
CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
YSoft SAFEQ 6 Security Vulnerability
YSoft SAFEQ 6 is an Enterprise Print Management Suite solution platform from YSoft Czech Republic. A security vulnerability exists in YSoft SAFEQ 6 versions prior to 6.0.72, which stems from incorrect permissions being configured as part of the installer package for the Client V3 service, and can...
PT-2022-24258 · Ysoft · Y Soft Safeq
Name of the Vulnerable Software and Affected Versions: YSoft SAFEQ versions prior to 6.0.72 Description: An issue in YSoft SAFEQ allows for local user privilege escalation. This is due to incorrect privileges configured as part of the installer package for the Client V3 services, enabling an...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
Intel Unite® Client for Windows Advisory
Summary: Potential security vulnerabilities in the Intel Unite® Client for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-0112 Description: Unquoted service path in the Intel UniteR...
OwnCloud Injection Vulnerability
OwnCloud is a suite of personal cloud storage solutions from OwnCloud USA. An injection vulnerability exists in OwnCloud client versions prior to 2.7, which can be exploited by an attacker to load development plugins from certain directories using the desktop client...
Troubleshooting Citrix Pass-Through Authentication
This article outlines workarounds and resolutions to specific Citrix pass-through authentication issues. Common Pass-Through Authentication Issues and Inquiries Refer to the following links for information on common pass-through authentication issues and inquiries: Citrix Docs - Enabling...
Ethereum Aleth Buffer Error Vulnerability
Ethereum Aleth is a C++-based client application from the Ethereum community that supports the Ethereum protocol. A denial of service vulnerability exists in Aleth Ethereum C++ client version =1.8.0, which originates in the config.json file and may result in a denial of service. No details of the...
CVE-2020-14978
An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine...
Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2019-15903)
Summary IBM Rational ClearCase is affected by an Expat library heap-based buffer over-read in XMLGetCurrentLineNumber leading to a denial of service vulnerability Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a heap-based buffer...
CVE-2019-6656
BIG-IP APM Edge Client before version 7.1.8 7180.2019.508.705 logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14.1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM...
Cross site request forgery (csrf)
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...