2198 matches found
Atlassian Jira Service Management 4.14.x < 4.20.8 Internal Network Leakage Service-Side Request Forgery
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...
Atlassian Jira Service Management 4.21.x < 4.22.2 Internal Network Leakage Service-Side Request Forgery
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...
Design/Logic Flaw
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...
vantage6 Code Issue Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A code issue vulnerability exists in vantage6 that stems from the token being valid indefinitely...
Information disclosure
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
PYSEC-2023-52
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...
[ADC] ICA sessions are NOT sent to ADM with "Skip Code [169]"
You may observe some ICA sessions are displayed in GUI Configuration Citrix Gateway ICA Connections, but not in ADM HDX Insight. NetScaler ADC ns.log displays the following error: ICARECORD: Skipping ICA flow: ...... Skip Code 169...
The vulnerability of the vRealize Log Insight log management tool lies in the lack of protection for operational data, which allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the vRealize Log Insight log management tool is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device...
The vulnerability of the vRealize Log Insight log management tool, related to the restoration of unreliable data in memory, allows an intruder to trigger a service failure.
The vulnerability of the vRealize Log Insight log management tool is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure due to the deserialization of unreliable data...
VMware vRealize Log Insight RemotePakDownloadCommand Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RemotePakDownloadCommand function. The issue results from the lack of...
VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. The issue results from the lack of authentication...
VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getConfig function. The issue results from the lack of authentication prio...
VMware vRealize Log Insight addClusterCACertificate Deserialization of Untrusted Data Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addClusterCACertificate function. The issue results from t...
VMware vRealize Log Insight Detection Consolidation
Consolidation of VMware vRealize Log Insight detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if...
SUSE: Security Advisory (SUSE-SU-2023:0222-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-2974 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows every keystroke made by any user on a computer with the Student application installed to be logged to a world-readable directory. This enables a local attack...
PT-2023-2970 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: The issue allows an attacker to create a crafted program mimicking the Teacher Console, which can compel Student Consoles to connect automatically and write arbitrary files to any location on...
PT-2023-2975 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows an unauthenticated attacker to upload any type of file to any location on the Teacher Console's computer. This enables various exploitation paths, including...
PT-2023-2969 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: The issue is related to the Teacher Console component of the Faronics Insight platform, which fails to protect the web page structure when handling the loggedInUser field. This can be exploited...
PT-2023-2966 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: The issue allows unauthenticated attackers to view constantly updated screenshots of student desktops without their consent, potentially accessing sensitive or personal data. Attackers can also...