Zoho ManageEngine ADManager Plus Authorization Issues Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
GHSA-GJ2R-PHWG-6RWW Kubernetes users may update Pod labels to bypass network policy
Impact An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises because, on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect:...
PT-2023-26893 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.14.2 Cilium versions prior to 1.13.7 Cilium versions prior to 1.12.14 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update po...
CVE-2023-41301
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2023-41301
CVE-2023-41301 describes a vulnerability in the PMS module enabling unauthorized API access, with exploitation potentially causing features to behave abnormally. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and ...
PT-2023-27889 · Unknown · Pms Module
Name of the Vulnerable Software and Affected Versions: PMS module affected versions not specified Description: The issue concerns unauthorized API access in the PMS module, which may lead to abnormal feature performance upon successful exploitation. Recommendations: At the moment, there is no...
MinIO Security Feature Bypass Vulnerability
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket to conduct privilege escalation. To carry out this attack, the attacker requires...
PT-2023-30290 · Unknown · Codemeter Runtime
Name of the Vulnerable Software and Affected Versions: CodeMeter Runtime versions prior to 7.60c Description: The issue is related to an Improper Privilege Management vulnerability, which occurs due to the incorrect use of privileged APIs in CodeMeter Runtime. This allows a local, low-privileged...
CVE-2023-1555
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
CVE-2023-1555
Removed by vendor...
GitLab 15.2 < 16.1.5 / 16.2 < 16.2.5 / 16.3 < 16.3.1 (CVE-2023-1555)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespac...
PT-2023-27521 · Ironic +2 · Ironic +2
Name of the Vulnerable Software and Affected Versions: ironic-image versions prior to capm3-v1.4.3 Description: The issue arises when Ironic is not deployed with TLS and does not have API and Conductor split into separate services, resulting in unprotected access to the API. By default, Ironic AP...
CVE-2023-35082
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is distinct from CVE-2023-35078, announced earlier. Recent assessments: sfewer-r7 at...
Ivanti Endpoint Manager Mobile < 11.3 Remote Unauthenticated API Access (CVE-2023-35082)
The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is 11.3. It is, therefore, affected by an undisclosed unauthenticated API access vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the service's...
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
When this blog was originally published on August 2, it said that CVE-2023-35082 only affected MobileIron Core 11.2 and earlier, which are unsupported. On August 7, Ivanti published an updated advisory noting that since originally disclosing CVE-2023-35082, they have continued their investigation...
CVE-2023-26449
The "OX Chat" web service did not specify a media type when processing responses from external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM), previously branded MobileIron Core, allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile...