257 matches found
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators...
GO-2025-3609 Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server
Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server...
CVE-2025-32093
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...
PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
Overview PDQ Deploy is a service intended for usage by system administrators for the deployment of software or updates to targeted machines within their network. PDQ Deploy uses "run modes" to deploy software to their target devices. The run mode "Deploy User" insecurely creates credentials on th...
CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...
OpenIPMI security update
An update is available for OpenIPMI. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenIPMI packages provide command-line tools and utilities to access...
Moderate: Red Hat Security Advisory: OpenIPMI security update
An update for OpenIPMI is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 9 : OpenIPMI (RHSA-2024:8037)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8037 advisory. The OpenIPMI packages provide command-line tools and utilities to access platform information using Intelligent Platform Management Interface IPMI...
Moderate: OpenIPMI security update
The OpenIPMI packages provide command-line tools and utilities to access platform information using Intelligent Platform Management Interface IPMI. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. Security Fixes: openipmi: missing check on the...
CVE-2024-45408
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed something disabled by default, this extends to anyon...
CVE-2024-25661
In Infinera TNMS Transcend Network Management System 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application...
CVE-2024-45408
CVE-2024-45408 — eLabFTW : An incorrect permission check could allow an authenticated user to access restricted information; if anonymous access is enabled, it may affect anyone. Affected software: eLabFTW (open source electronic lab notebook). Root cause: faulty access control logic. Impact: pot...
CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed something disabled by default, this extends to anyon...
CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
CVE-2024-25632
CVE-2024-25632 affects eLabFTW. A regular user can become an administrator of a team where they are a member under a reasonable configuration, and in versions after v5.0.0 an initially unauthenticated user may gain administrative privileges over an arbitrary team. The vulnerability does not grant...
PT-2024-27495 · Absolute · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: There is a cross-site scripting issue in the management UI of Absolute Secure Access. Attackers with system administrator permissions can exploit this. Recommendations: For versions...
CVE-2024-36119
Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...
GHSA-CV5C-2QV5-W2M2 Passbolt Api Remote code execution
Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code. The impact is ve...
Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 Checker The CVE-2024-3094 Checker is a powerful...