Lucene search
K

195 matches found

Cvelist
Cvelist
added 2024/08/23 6:58 p.m.29 views

CVE-2024-45187 Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...

7.1CVSS0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/23 6:58 p.m.18 views

CVE-2024-45187 Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...

7.1CVSS7.7AI score0.00467EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/23 6:55 a.m.11 views

Authentication Bypass

mageai is vulnerable to Authentication Bypass. The vulnerability is due to insufficient authentication controls that allow remote unauthenticated access to the terminal server command history...

5.3CVSS7.7AI score0.00595EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.7 views

PT-2024-31469

Name of the Vulnerable Software and Affected Versions Mage AI framework affected versions not specified Description The issue concerns guest users in the Mage AI framework who remain logged in after their accounts are deleted. These users are mistakenly given high privileges, specifically access ...

8.8CVSS8.8AI score0.00467EPSS
Exploits0References15
OSV
OSV
added 2024/08/22 9:30 a.m.9 views

GHSA-CGRQ-WVFJ-V28J Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...

6.9CVSS5.5AI score0.00595EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/08/22 9:30 a.m.17 views

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...

5.3CVSS7.2AI score0.00595EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/08/22 8:15 a.m.11 views

CVE-2024-8072

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...

5.3CVSS0.00595EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/22 7:52 a.m.16 views

CVE-2024-8072 Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...

5.3CVSS7.3AI score0.00595EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.12 views

PT-2024-38786

Name of the Vulnerable Software and Affected Versions: Mage AI affected versions not specified Description: The issue allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. Recommendations: At the moment, there is no information about a newer versi...

6.9CVSS6.1AI score0.00595EPSS
Exploits1References12
NVD
NVD
added 2024/08/02 11:16 a.m.25 views

CVE-2024-38876

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 Domain Controller R9.2 All versions, Omnivise T3000 Product Data Management PDM R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions, Omnivise T3000...

8.5CVSS0.00243EPSS
Exploits3References2
BDU FSTEC
BDU FSTEC
added 2024/08/02 12:0 a.m.8 views

The vulnerabilities of the components such as Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System (NIDS), Omnivise T3000 Product Data Management (PDM), Omnivise T3000 Security Server, Omnivise T3000 Terminal Server, Omnivise T3000 Thin Client, and Omnivise T3000 Whitelisting Server, along with their software-defined hardware platforms for process management and monitoring in the Siemens Omnivise T3000 system, allow attackers to disclose protected information and enhance their privileges.

The vulnerabilities of the Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System NIDS, Omnivise T3000 Product Data Management PDM, Omnivise T3000 Security Server, Omnivise T3000 Terminal Server, Omnivise T3000 Thin Client, and...

8.2CVSS7.7AI score0.00187EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.3 views

PT-2024-5380 · Omnivise · Omnivise T3000 Terminal Server +5

Name of the Vulnerable Software and Affected Versions: Omnivise T3000 Application Server R9.2 All versions Omnivise T3000 Domain Controller R9.2 All versions Omnivise T3000 Product Data Management PDM R9.2 All versions Omnivise T3000 R8.2 SP3 All versions Omnivise T3000 R8.2 SP4 All versions...

8.5CVSS7.5AI score0.00243EPSS
Exploits3References9
BDU FSTEC
BDU FSTEC
added 2024/04/25 12:0 a.m.4 views

Vulnerability of anti-virus protection tools such as Check Point ZoneAlarm, Extreme Security, and NextGen, as well as software identification tools like Check Point Identity Agent for Windows and Identity Agent for Windows Terminal Server. This vulnerability arises from improper granting of permissions to critical resources, allowing attackers to increase their privileges.

The vulnerability of the Check Point antivirus protection products, such as ZoneAlarm Extreme Security and NextGen, as well as the Check Point Identity Agent for Windows and Identity Agent for Windows Terminal Server, is related to the improper assignment of permissions to critical resources...

7.8CVSS5.5AI score0.00153EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/04/18 5:35 p.m.74 views

CVE-2024-24910

CVE-2024-24910 describes a local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. Affected components arise from incorrect permission handling for a critical resource, enabling a local attacker who ...

7.3CVSS6.7AI score0.00153EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/04/18 5:35 p.m.21 views

CVE-2024-24910 LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile

A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target...

7.1AI score0.00153EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-3070

Name of the Vulnerable Software and Affected Versions Check Point ZoneAlarm Extreme Security NextGen affected versions not specified Check Point Identity Agent for Windows affected versions not specified Check Point Identity Agent for Windows Terminal Server affected versions not specified...

7.3CVSS6.7AI score0.00153EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/11/08 12:0 a.m.8 views

The vulnerability of the NPort 6000 terminal server’s microprogramming software arises from the improper implementation of authentication algorithms, allowing attackers to escalate their privileges.

The vulnerability of the NPort 6000 terminal server’s microprogramming software is related to the improper implementation of the authentication algorithm. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...

10CVSS7.1AI score0.00313EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.17 views

The vulnerability of the CN2600 terminal server’s microprogramming software, related to the use of cryptographic algorithms containing defects, allows a hacker to compromise the connection and gain access to protected information.

The vulnerability of the microprogramming software of the terminal server CN2600 is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a malicious actor to compromise the connection and gain access to protected information...

9.4CVSS5.5AI score
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.3 views

SUSE CVE-2008-1293

ldm in Linux Terminal Server Project LTSP 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 aka display :6...

4.8CVSS7.1AI score0.0118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.4 views

SUSE CVE-2011-0900

Stack-based buffer overflow in the tsclaunchremote function src/support.c in Terminal Server Client tsclient 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostname argument...

6.8CVSS8.1AI score0.05207EPSS
Exploits1References3
Rows per page
Query Builder