23 matches found
EUVD-2025-199539
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
EUVD-2021-8808
Malicious code in bioql PyPI...
Ivanti Connect Secure 22.x < 22.7R2.3
The Ivanti Connect Secure installed on the remote host is prior to 22.7R2.3. It is, therefore, affected by an information disclosure vulnerability in the admin portal. A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local...
CVE-2024-34787
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-9843
CVE-2024-9843 is a buffer over-read in Ivanti Secure Access Client prior to 22.7R4 that allows a local unauthenticated attacker to cause a denial of service. Connected sources confirm the issue affects Ivanti Secure Access Client and note the vulnerability is addressed by upgrading to version 22....
CVE-2024-9843
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service...
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
PT-2024-3634 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.7.0.1. Description: The issue is related to an allocation of resources without limits or throttling, which could be exploited by a local unauthenticated attacker to cause a denial of service...
Information Disclosure
sosreport is vulnerable to information disclosure. A local unauthenticated attacker is able to gain access to RHV admin passwords due to the flawed business logic in postproc function in ovirt.py...
CVE-2022-0691
An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character \b while submitting a URL. This vulnerability can enable bypassing any hostname checks...
CVE-2022-0686
An authorization bypass flaw was found in url-parse. While submitting a URL, a local unauthenticated attacker can add a trailing colon :, but omit the port number. This issue enables an open redirect that allows the exposure of sensitive information or spamming of infrastructure outside the...
CVE-2021-21587
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...
Path traversal
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...
CVE-2021-21587
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...
CVE-2021-21536
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information...
CVE-2021-21537
Dell Hybrid Client exposes an information disclosure vulnerability in versions prior to 1.5. An attacker with local access (no authentication) could view and exfiltrate sensitive data from the system. Affected product: Dell Hybrid Client (prior to 1.5). Root cause: information exposure in the cli...
Arbitrary File Write
LPRng is vulnerable to arbitrary file write. A local unauthenticated attacker could overwrite arbitrary files via a symbolic link attack on the /tmp/before file of the psbanner component...