CVE-2023-50935
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...
Code injection
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...
CVE-2023-50941 IBM PowerSC session fixation
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...
PT-2024-1440 · Kaspersky · Kaspersky Security 8.0 For Linux Mail Server
Name of the Vulnerable Software and Affected Versions: Kaspersky Security 8.0 for Linux Mail Server Description: The issue allows an attacker to potentially force an administrator to click on a malicious link to perform unauthorized actions. This is due to the lack of measures to neutralize speci...
CVE-2023-4551 Command Injection via Task Scheduler
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...
CVE-2023-1705
Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows bgAutoinstaller service modules allows Privilege Escalation, Functionality Bypass. This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554...
CVE-2024-1015
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
CVE-2024-23790
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1...
CVE-2024-23790
CVE-2024-23790 describes an Improper Input Validation vulnerability in OTRS avatar upload, caused by missing filetype checks. Affected product versions are: OTRS 7.0.X up to 7.0.48, OTRS 8.0.X up to 8.0.37, and OTRS released in 2023 up to 2023.1.1. Public details in the connected PT-Security advi...
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Cybersecurity researchers have identified malicious packages on the open-source Python Package Index PyPI repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM,...
PT-2024-11942 · Forcepoint · Forcepoint F|One Smartedge Agent
Name of the Vulnerable Software and Affected Versions: Forcepoint F|One SmartEdge Agent versions prior to 1.7.0.230330-554 Description: The issue is related to a Missing Authorization vulnerability in the bgAutoinstaller service modules of Forcepoint F|One SmartEdge Agent on Windows, allowing...
CVE-2024-0841
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...
RUSTSEC-2024-0397 `conrod` is unmaintained
The crate conrod has been deprecated since version 0.62.0 released in December 2018. The functionality was split across multiple different crates, with the core functionality being transferred to conrod_core. An overview can be found in the conrod repository. If you have this crate in your...
Linux kernel code issue vulnerability (CNVD-2024-14763)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a code issue vulnerability that stems from the fact that in the nft_byteorder_eval function, the code iteratively loops and writes dst[0], dst[1], dst[2], etc., and...
PT-2024-19330 · Unknown · Simple Membership
Name of the Vulnerable Software and Affected Versions: Simple Membership versions through 4.4.1 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the Simple Membership plugin. Recommendations: For...
CVE-2023-44395 Autolab has Path Traversal vulnerability in Assessment functionality
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform...
CVE-2024-0771
A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approache...