Lucene search
+L

11 matches found

bdu_fstec
bdu_fstec
added 2025/06/16 12:0 a.m.10 views

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent arises from the lack of protective measures for the request structure, allowing attackers to enhance their privileges.

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges by using specially crafted authorized HTTP requests...

6.5CVSS5.5AI score
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2025/06/16 12:0 a.m.24 views

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent, which stems from the failure to implement protective measures for the request structure, allows attackers to enhance their privileges.

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability can allow attackers to enhance their privileges by using specially crafted authorized HTTP requests...

6.5CVSS5.5AI score
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2025/05/23 4:4 a.m.11 views

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288...

5.4CVSS6.2AI score0.00281EPSS
Exploits0References1
ibm
ibm
added 2025/01/31 8:30 p.m.14 views

Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464].

Summary IBM i is vulnerable to bypassing IBM Navigator for i interface restrictions and a server-side request forgery SSRF as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...

5.4CVSS5AI score0.01417EPSS
Exploits2Affected Software4
osv
osv
added 2024/11/09 12:42 a.m.6 views

CVE-2024-52311 data.all does not invalidate authentication token upon user logout

Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired...

5.3CVSS6.1AI score0.00461EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/11/09 12:0 a.m.5 views

data.all 安全漏洞

data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all that stems from the fact that authentication tokens issued via Cognito in data.all do not expire upon logout, allowing previously authenticated users to continue to perform...

6.3CVSS6.8AI score0.00461EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/11/08 12:0 a.m.11 views

PT-2024-35171 · Amazon · Amazon Cognito

Name of the Vulnerable Software and Affected Versions: Amazon Cognito affected versions not specified Description: The issue allows previously authenticated users to continue executing authorized API requests until their authentication token expires, even after logging out. This is because...

6.3CVSS6.9AI score0.00461EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/10/30 12:0 a.m.8 views

PT-2024-8210

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.30 MongoDB Server versions prior to 6.0.19 MongoDB Server versions prior to 7.0.15 MongoDB Server versions prior to and including 8.0.2 Description: The issue is related to the construction of malformed BS...

8.1CVSS6.8AI score0.00537EPSS
Exploits0References12
osv
osv
added 2023/01/11 10:15 p.m.5 views

CVE-2017-16258

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9CVSS6.4AI score0.00853EPSS
Exploits1References1
kubernetes
kubernetes
added 2020/03/23 6:35 p.m.5 views

apiserver DoS (oom)

CVSS Rating: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Medium The Kubernetes API server has been found to be vulnerable to a denial of service attack via authorized API requests. Am I vulnerable? If an attacker that can make an authorized resource request to an unpatched API server see below,...

5.3CVSS6.2AI score0.02428EPSS
Exploits0Affected Software1
nvd
nvd
added 2019/04/04 3:29 p.m.19 views

CVE-2018-19981

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

9CVSS6.9AI score0.01831EPSS
Exploits1References4
Rows per page
Query Builder