41 matches found
CVE-2025-32835
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker to bypass authorization...
CVE-2025-2003
Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...
CVE-2024-42449
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine...
VulnCheck KEV: CVE-2024-42448
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution RCE on the VSPC server machine...
Veeam Service Provider Console 安全漏洞
Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A security vulnerability exists in Veeam Service Provider Console version 8.1 that originates from a remote code execution that can be performed by a management agent machine on a VSPC server machine with server...
FAS raises error "Server [*****$] is not authorized to assert identities using rule
After clicking the icon, the APP launch fails with following event log on FAS server Log Name: Application Source: Citrix.Authentication.FederatedAuthenticationService Date: 7/12/1999 10:10:04 AM Event ID: 101 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: FASTEST.fasS.c...
IdentiBot 安全漏洞
IdentiBot is an open source Discord bot at MIT University written in Node.js that is used to verify an individual's affiliation with MIT, grant them a role in the Discord server, and store information about them in a database backend. IdentiBot has a security vulnerability that stems from members...
PT-2024-13963 · Lexmark · Lexmark Devices
Name of the Vulnerable Software and Affected Versions: Lexmark devices affected versions not specified Description: A buffer overflow vulnerability has been identified in the Internet Printing Protocol IPP in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute...
CVE-2024-2435
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
Candlepin Security Breach
Candlepin is a collection of tools that allow companies to manage software subscriptions. A security vulnerability exists in Candlepin that stems from a security flaw in the authorization checking of the server component...
EulerOS Virtualization 2.9.1 : libX11 (EulerOS-SA-2021-2744)
According to the versions of the libX11 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11...
openSUSE 15 Security Update : libX11 (openSUSE-SU-2021:1897-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1897-1 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor...
OESA-2021-1235 libX11 security update
Core X11 protocol client library. Security Fixes: LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended for server-side color lookup contains a flaw allowing a client to send color-name...
Authorization
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended for server-side color lookup contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allow...
CVE-2021-31535
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended for server-side color lookup contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allow...
Apache Solr Information Disclosure Vulnerability
Apache Solr is a standalone enterprise-class search application server. Apache Solr information disclosure vulnerability can be exploited by an attacker to gain unauthorized access to server authentication and authorization profiles...
CVE-2019-15683
CVE-2019-15683 affects TurboVNC server. A stack-based buffer overflow exists in code prior to commit cea98166008301e614e0d36776bf9435a536136e, due to insufficient stack canary protection. The vulnerability can be exploited over the network and requires server authorization to trigger. Patches fix...
Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability
Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. A denial-of-service vulnerability exists ...
server: patch operation should use patched object to check admission control
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space...
RHEL 7 : 389-ds-base (RHSA-2015:0895)
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...