2857 matches found
(0Day) Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Ivanti Secure Access Client Race Condition Vulnerability
Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. that is primarily used to enable remote secure access with support for enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from a race condition...
Nextcloud Security Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the fact that OAuth2 client secrets are stored in a recoverable manner so that an attacker...
Ivanti Secure Access Client Improper Authorization Vulnerability
Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. that is primarily used to enable remote secure access with support for enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an improper authorization...
CVE-2024-29211
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files...
CVE-2024-29211
CVE-2024-29211 is a race condition in Ivanti Secure Access Client prior to 22.7R4. A local authenticated attacker can modify sensitive configuration files due to synchronization issues when accessing shared resources. Affected product: Ivanti Secure Access Client (Windows/Linux/macOS). Impact sta...
CVE-2024-8539
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files...
CVE-2024-8539
CVE-2024-8539: Ivanti Secure Access Client is affected by improper authorization that allows a local authenticated attacker to modify sensitive configuration files. Affected software: Ivanti Secure Access Client prior to version 22.7R3. Impact: local privilege via manipulation of configuration f...
CVE-2024-46889
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...
Ivanti Secure Access Client Security Vulnerability
Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. that is primarily used to enable remote secure access with support for enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an improper authorization...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2881)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2024-2900)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as /etc/resolv.conf, /etc/...
EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2024-2808)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as /etc/resolv.conf, /etc/...
CVE-2024-44765
An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...
Security Bulletin: IBM Security Guardium Key Lifecycle Manager has multiple vulnerabilities
Summary: Multiple security vulnerabilities have been addressed in an update for IBM Security Guardium Key Lifecycle Manager. Vulnerability Details: CVEID: CVE-2024-49817. DESCRIPTION: IBM Security Guardium Key Lifecycle Manager stores user credentials in configuration files which can be read by a loc...