84 matches found
SUSE CVE-2024-28224
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service resource exhaustion...
Ollama 安全漏洞
Ollama is a large language model that can be started and run locally from the Ollama open source. A security vulnerability exists in Ollama versions prior to 0.1.29 that stems from the presence of a DNS rebinding vulnerability that could inadvertently allow remote access to the full API, which...
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
Remote code execution
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
Parallels Remote Application Server Security Vulnerability
Parallels Remote Application Server RAS is an application delivery cum VDI Virtual Desktop Infrastructure solution from Parallels, Inc. in the United States. A security vulnerability exists in Parallels Remote Application Server versions prior to 19.2.23975, which stems from the fact that the...
CVE-2023-45894
CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...
PT-2023-29752 · Parallels · Parallels Ras
Name of the Vulnerable Software and Affected Versions: Parallels RAS versions prior to 19.2.23975 Description: The issue allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques because the Remote Application Server in Parallels RAS does not segment...
ManageEngine SupportCenter Plus < 11.0 Build 11025 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine SupportCenter Plus prior to 11.0 Build 11025. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...
CVE-2022-40870
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
CVE-2022-40870
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
Design/Logic Flaw
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
CVE-2022-40870
CVE-2022-40870 affects the Web Client of Parallels Remote Application Server v18.0. The issue is a Host Header Injection that allows an attacker to execute arbitrary commands via a crafted payload in the Host header. CVSSv3.1 base score 8.1 (High) with network access, high complexity, no privileg...
CVE-2022-40870
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
PT-2022-25595 · Parallels · Parallels Remote Application Server
Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server version 18.0 Description: The issue allows attackers to execute arbitrary commands via a crafted payload injected into the Host header, which is a result of a Host Header Injection attack. This enables...
January 25, 2022—KB5009608 (OS Build 20348.502) Preview
January 25, 2022—KB5009608 OS Build 20348.502 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find...
Unspecified Vulnerability in Parallels Remote Application Server
Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. A security vulnerability exists in Parallels Remote Application Server RAS that originated from a vulnerability that allows a local attacker to retrieve certain...
CVE-2020-8968
CVE-2020-8968 affects Parallels Remote Application Server (RAS). A local attacker can retrieve certain profile passwords in clear text by uploading a previously stored cyphered file, compromising confidentiality (and potentially integrity/availability of user data). Exploitation is local and requ...
Parallels Remote Application Server 安全漏洞
Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. A security vulnerability exists in Parallels Remote Application Server RAS that originated from a vulnerability that allows a local attacker to retrieve certain...