6599 matches found
PT-2024-35496 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1. Description: An issue allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. This can...
CVE-2024-52528
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...
CVE-2024-52528 Auth Token can be passed dummy or wrong the middleware response is 200 OK
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...
CVE-2024-52528
CVE-2024-52528 affects Budget Control Gateway, a gateway component routing requests to Budget Control microservices. The root cause is improper validation of auth tokens, which can let attackers bypass access restrictions. Affects Budget Control Gateway versions prior to 1.5.2; CVSS 4.0 base scor...
CVE-2024-10311 External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edbaadminhandle' function. This makes it possible for authenticated attackers, with subscriber-level permissions...
PT-2024-35357 · Unknown · Budget Control Gateway
Name of the Vulnerable Software and Affected Versions: Budget Control Gateway versions prior to 1.5.2. Description: The Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. It does not properly validate auth tokens...
CVE-2024-8535
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as...
CVE-2024-8535
Affected products: Citrix NetScaler ADC and NetScaler Gateway. Vulnerability: Authenticated users can access unintended user capabilities when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with Kerberos SSO using a KCDAccount, or as an Auth Server (AAA Vserver) wi...
CVE-2024-8534 Memory safety vulnerability leading to memory corruption and Denial of Service
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway VPN Vserver with RDP Feature enabled OR the appliance must be configured as a Gateway VPN Vserver and RDP Proxy Server Profile is created an...
CVE-2024-8534
Summary: CVE-2024-8534 is a memory safety vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause memory corruption and Denial of Service when the device is configured as a Gateway/VPN Vserver with RDP features enabled (or with an RDP Proxy Server Profile) or when the Auth Serv...
Moderate: Red Hat Security Advisory: postfix security update
An update for postfix is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2024:9243 Moderate: postfix security update
The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Security Fixes: postfix: SMTP smuggling vulnerability (CVE-2023-51764). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVE-2023-52268
CVE-2023-52268 affects the FreeScout End-User Portal module pre-1.0.65. The root cause is improper session token handling at the /auth endpoint, enabling an attacker to authenticate as arbitrary users and impersonate them to access their tickets. Impact is high confidentiality/integrity loss with...
PT-2024-8973 · Citrix · Citrix Netscaler Application Delivery Controller +1
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway, affected versions not specified. Description: The issue is related to a memory safety vulnerability that can lead to memory corruption and Denial of Service in...
SUSE CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive. ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double...
ZKTeco ZKBio Time security vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...
CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive. ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double...