Lucene search
K

84 matches found

SUSE CVE
SUSE CVE
added 2024/04/10 2:16 a.m.5 views

SUSE CVE-2024-28224

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service resource exhaustion...

6.6CVSS6.9AI score0.00334EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.7 views

Ollama 安全漏洞

Ollama is a large language model that can be started and run locally from the Ollama open source. A security vulnerability exists in Ollama versions prior to 0.1.29 that stems from the presence of a DNS rebinding vulnerability that could inadvertently allow remote access to the full API, which...

6.6CVSS6.3AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2023/12/14 8:15 p.m.28 views

CVE-2023-45894

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...

10CVSS0.01205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/14 8:15 p.m.10 views

CVE-2023-45894

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...

10CVSS6.4AI score0.01205EPSS
Exploits0References2
Prion
Prion
added 2023/12/14 8:15 p.m.22 views

Remote code execution

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...

7.5CVSS8.1AI score0.01205EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/14 12:0 a.m.35 views

CVE-2023-45894

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...

9.9AI score0.01205EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/14 12:0 a.m.3 views

Parallels Remote Application Server Security Vulnerability

Parallels Remote Application Server RAS is an application delivery cum VDI Virtual Desktop Infrastructure solution from Parallels, Inc. in the United States. A security vulnerability exists in Parallels Remote Application Server versions prior to 19.2.23975, which stems from the fact that the...

10CVSS7.9AI score0.01205EPSS
Exploits0References2
CVE
CVE
added 2023/12/14 12:0 a.m.44 views

CVE-2023-45894

CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...

10CVSS9.6AI score0.01205EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.6 views

PT-2023-29752 · Parallels · Parallels Ras

Name of the Vulnerable Software and Affected Versions: Parallels RAS versions prior to 19.2.23975 Description: The issue allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques because the Remote Application Server in Parallels RAS does not segment...

10CVSS7.5AI score0.01205EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.22 views

ManageEngine SupportCenter Plus < 11.0 Build 11025 Privilege Escalation

A privilege escalation vulnerability exists in ManageEngine SupportCenter Plus prior to 11.0 Build 11025. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...

6.5CVSS6.5AI score0.0296EPSS
Exploits0References3
NVD
NVD
added 2022/11/23 12:15 a.m.24 views

CVE-2022-40870

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...

8.1CVSS0.01048EPSS
Exploits1References2
OSV
OSV
added 2022/11/23 12:15 a.m.5 views

CVE-2022-40870

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...

8.1CVSS6AI score0.01048EPSS
Exploits1References2
Prion
Prion
added 2022/11/23 12:15 a.m.18 views

Design/Logic Flaw

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...

5.1CVSS8.4AI score0.01048EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/22 12:0 a.m.63 views

CVE-2022-40870

CVE-2022-40870 affects the Web Client of Parallels Remote Application Server v18.0. The issue is a Host Header Injection that allows an attacker to execute arbitrary commands via a crafted payload in the Host header. CVSSv3.1 base score 8.1 (High) with network access, high complexity, no privileg...

8.1CVSS8.4AI score0.01048EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/22 12:0 a.m.9 views

CVE-2022-40870

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...

8.4AI score0.01048EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/22 12:0 a.m.22 views

PT-2022-25595 · Parallels · Parallels Remote Application Server

Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server version 18.0 Description: The issue allows attackers to execute arbitrary commands via a crafted payload injected into the Host header, which is a result of a Host Header Injection attack. This enables...

8.1CVSS8.6AI score0.01048EPSS
Exploits1References5
Microsoft KB
Microsoft KB
added 2022/01/25 12:0 a.m.5 views

January 25, 2022—KB5009608 (OS Build 20348.502) Preview

January 25, 2022—KB5009608 OS Build 20348.502 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find...

7.2AI score
Exploits0
CNVD
CNVD
added 2021/12/21 12:0 a.m.18 views

Unspecified Vulnerability in Parallels Remote Application Server

Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. A security vulnerability exists in Parallels Remote Application Server RAS that originated from a vulnerability that allows a local attacker to retrieve certain...

7.1CVSS6.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2021/12/17 4:10 p.m.47 views

CVE-2020-8968

CVE-2020-8968 affects Parallels Remote Application Server (RAS). A local attacker can retrieve certain profile passwords in clear text by uploading a previously stored cyphered file, compromising confidentiality (and potentially integrity/availability of user data). Exploitation is local and requ...

7.1CVSS6.8AI score0.00272EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.4 views

Parallels Remote Application Server 安全漏洞

Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. A security vulnerability exists in Parallels Remote Application Server RAS that originated from a vulnerability that allows a local attacker to retrieve certain...

7.1CVSS5.6AI score0.00272EPSS
Exploits0References2
Rows per page
Query Builder