11 matches found
keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token
A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to insufficient peer verification logic in the verifyPeerCert function. An attacker can impersonate privileged API components and execute unauthorized operations by compromising a single instance and...
The vulnerability of the agent for Windows software used in automated programming and documentation creation for Unicam FX assembly, which allows a perpetrator to increase their privileges.
The vulnerability of the Windows software agent for automated programming and documentation generation for Unicam FX assembly is related to the improper use of privileged APIs. Exploiting this vulnerability can allow an attacker to increase their privileges...
PT-2023-28842 · Google · Android Debug Bridge +1
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue allows a low-privileged application to modify a critical system property, enabling the exposure of the Android Debug Bridge ADB protocol on the network. This can be exploited to...
CVE-2023-25645
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and...
CVE-2022-46308
SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information...
CVE-2021-36235
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges...
CVE-2021-25356
CVE-2021-25356 pertains to Samsung’s Managed Provisioning. An improper caller check prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permissions, and subsequently delete multiple installed apps. The issue’s root cause is an i...
The vulnerability of the Firmware component of the Mac OS X operating system, which allows a hacker to modify the EFI flash memory regions
The vulnerability of the Firmware component of the Mac OS X operating system is related to insufficient access control. Exploiting this vulnerability could allow an attacker to modify the EFI flash memory areas using a specially crafted privileged application...
CentOS Update for openssl CESA-2013:0587 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Security Advisory: FreeBSD-SA-00:53.catopen
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:53 Security Advisory FreeBSD, Inc. Topic: catopen may pose security risk for third party code Category: core Module: libc Announced: 2000-09-27 Affects: FreeBSD...