10 matches found
A vulnerability in the “Termide Virtual Desktops Connection Monitor” software agent, which stems from the failure to implement protective measures for the request structure, allows attackers to escalate their privileges.
A vulnerability in the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability can allow attackers to escalate their privileges by using specially crafted authorized HTTP requests...
A vulnerability in the “Termide Virtual Desktops Connection Monitor” software agent arises from the lack of protective measures for the request structure, allowing attackers to escalate their privileges.
A vulnerability in the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability allows a malicious actor to escalate their privileges by using specially crafted authorized HTTP requests...
CVE-2023-32337
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288...
Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464].
Summary: IBM i is vulnerable to bypassing IBM Navigator for i interface restrictions and a server-side request forgery (SSRF) as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
CVE-2024-52311
Authentication tokens issued via Cognito in data.all are not invalidated on logout, allowing a previously authenticated user to continue executing authorized API requests until the token expires...
data.all security vulnerability
data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all that stems from the fact that authentication tokens issued via Cognito in data.all do not expire upon logout, allowing previously authenticated users to continue to perform...
PT-2024-35171 · Amazon · Amazon Cognito
Name of the Vulnerable Software and Affected Versions: Amazon Cognito (affected versions not specified). Description: The issue allows previously authenticated users to continue executing authorized API requests until their authentication token expires, even after logging out. This is because...
PT-2024-8210
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.30; MongoDB Server versions prior to 6.0.19; MongoDB Server versions prior to 7.0.15; MongoDB Server versions prior to and including 8.0.2. Description: The issue is related to the construction of malformed BS...
CVE-2017-16258
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
CVE-2018-19981
Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...