21 matches found
CVE-2019-14411
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI SEC-473...
Amazon DCV Client <= 2023.1.6203 MITM
The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Amazon DCV Client <= 2023.1.8993 MITM
The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Amazon DCV Client Installed (macOS)
Binary data amazondcvclientmacosinstalled.nbin...
Amazon DCV Client Installed (Linux)
Binary data amazondcvclientlinuxinstalled.nbin...
Amazon DCV Client Installed (Windows)
Binary data amazondcvclientwininstalled.nbin...
CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients
An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...
CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients
An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...
CVE-2025-0500
CVE-2025-0500 describes a man-in-the-middle vulnerability in the native clients for Amazon WorkSpaces (DCV), Amazon AppStream 2.0, and Amazon DCV clients that could allow an attacker to access remote sessions. Connected sources enumerate concrete vulnerable components/versions: Amazon AppStream 2...
Amazon multiple products trust management issue vulnerability
Amazon WorkSpaces and others are products of Amazon.com, Inc. Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device. Amazon AppStream is an...
libsoup: infinite loop while reading websocket data
A flaw was found in Libsoup. The soupwebsocketconnectionread function uses a loop that reads incoming WebSocket data via the glib library. This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from...
CVE-2019-14412
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI SEC-474...
CVE-2019-14411
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI SEC-473...
CVE-2019-14411
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI SEC-473...
CVE-2019-14412
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI SEC-474...
Design/Logic Flaw
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI SEC-473...
Format string
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI SEC-474...
CVE-2019-14412
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI SEC-474...
CVE-2019-14412
CVE-2019-14412 affects cPanel before 78.0.2, where the Maketext function can perform a format-string injection via the DCV domain validation via DNS UAPI (SEC-474). The underlying issue is a formatting string handling flaw in Maketext, enabling injection within the DCV check_domains_via_dns UAPI....
CVE-2019-14411
CVE-2019-14411 affects cPanel prior to 78.0.2. The vulnerability arises because the DCV UAPI does not properly restrict demo accounts from writing to files, enabling an attacker to write to files via the DCV UAPI (SEC-473). Impact is implicit in the description: unauthorized file writes by demo a...