23 matches found
CVE-2026-3590
Mattermost CVE-2026-3590 describes a race condition in the guest magic link authentication flow that fails to enforce atomic single-use for tokens. A valid magic link can be used to establish multiple independent authenticated sessions via concurrent requests on affected versions: Mattermost 10.1...
CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
CVE-2026-30225
CVE-2026-30225 (OliveTin) : An authentication context confusion in RestartAction prior to 3000.11.1 allows a low-privileged authenticated user to bypass ACLs and execute privileged shell actions via a synthetic request that loses the original caller’s authentication headers, causing the resolver ...
CVE-2020-36870
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
EUVD-2020-30818
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2020-36870
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2020-36870 Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2020-36870
CVE-2020-36870 affects Ruijie Gateway EG and Ruijie NBR series (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1 are vulnerable). Root cause is a code execution vulnerability in the EWEB management system that can be abused via front-end functionality; when features such as guest authentication...
VulnCheck KEV: CVE-2020-36870
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
PT-2025-45510
Name of the Vulnerable Software and Affected Versions Ruijie Gateway EG and NBR models versions 11.16B9P1 through 11.94B12P1 Description The EWEB management system in various Ruijie Gateway EG and NBR models contains a code execution issue. Attackers can exploit front-end code when features like...
SUSE-SU-2023:3795-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Update to 12.3.0 build 22234872 bsc1214850 - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900...
OESA-2023-1630 open-vm-tools security update
The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...
USN-6257-1 open-vm-tools vulnerability
It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. CVE-2023-20867...
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service VGAuthService.exe from running in a guest Windows environment and can crash this service, thus rendering the guest unstable. In some very contrived circumstances, the attacker can leak file content to which they d...
Swift File Transfer Mobile Cross Site Scripting / Information Disclosure
Document Title: =============== Swift File Transfer Mobile - Multiple Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2205 Release Date: ============= 2020-04-17 Vulnerability Laboratory ID VL-ID: ====================================...
Barracuda MAS - (ldap_load_entry.cgi) XSS Vulnerability
Document Title: =============== Barracuda MAS - ldaploadentry.cgi XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2168 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20369 CVE-ID: ======= CVE-2018-20369 Release Date:...
openSUSE Security Update : open-vm-tools (openSUSE-2017-385)
This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...
SUSE SLED12 / SLES12 Security Update : open-vm-tools (SUSE-SU-2017:0702-1)
This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...
SUSE-SU-2017:0701-1 Security update for open-vm-tools
This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand -...
SUSE-SU-2017:0705-1 Security update for open-vm-tools
This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand -...