715 matches found
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
CVE-2021-3141
In Unisys Stealth core before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration...
CVE-2020-10658
The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is...
CVE-2020-6247
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability...
CVE-2020-10657
The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker with admin or config-admin privileges in the console to execute arbitrary code with local...
CVE-2019-15654
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login...
CVE-2019-0287
Under certain conditions SAP BusinessObjects Business Intelligence platform Central Management Server, versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted...
CVE-2019-15656
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...
NetScaler - Error "Registration of device failed" when adding license server.
After recently deploying and registering a NetScaler Console formerly ADM Agent and trying to add it as a license server on a NetScaler device you get the error "Registration of device failed Sending request to mgmtserver failed"...
CVE-2025-1688
CVE-2025-1688 affects Milestone XProtect installer behavior where upgrading from older versions using 2024 R1/R2 installers resets the Management Server’s system configuration password. The vulnerability is triggered during upgrade processes and could bypass password protection, potentially impac...
Command Execution Vulnerability in the Management Server of Guangdong Paulan Electronics Co.
Ltd. is a high-tech enterprise integrating R&D, design, production, sales and service of audio-visual system overall solution products. There is a command execution vulnerability in the itc center management server of Guangdong Paulan Electronics Co., Ltd, which can be exploited by attackers to...
Denial Of Service (DoS)
github.com/treeverse/lakefs is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management in handling pre-signed multipart upload requests, allowing an attacker to crash the server and disrupt availability...
CVE-2024-24911
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache...
CVE-2024-24911
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache...
CVE-2024-24911
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache...
CVE-2024-24911 Out of Bounds read in the CPCA process on Check Point Management Server
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache...
CVE-2024-24911 Out of Bounds read in the CPCA process on Check Point Management Server
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache...
CVE-2024-24911
CVE-2024-24911 affects the Check Point Management Server / Domain Management Server cpca process. An Out-of-Bounds read can occur when handling certain HTTP POSTs to TCP port 18264, potentially causing the cpca process to exit and produce a core dump. When cpca is down, VPN and SIC connectivity m...
CVE-2025-0542
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally...
Check Point Response to CVE-2024-24911 - Out of Bounds read in the CPCA process on a Check Point Management Server
Cause An Out-of-Bounds read may occur when processing certain HTTP "POST" requests to the Security Management Server / Domain Management Server to the TCP port 18264. Repeated requests can cause a denial-of-service DoS of the cpca process and may lead it to exit unexpectedly with a core dump file...