10 matches found
CVE-2024-55968
DTEX DEC-M (DTEX Forwarder) 6.1.1 is affected. The com.dtexsystems.helper service fails to validate client identity during XPC IPC: it does not verify code requirements, entitlements, security flags, or client version before accepting connections. This enables unauthorized XPC connections to call DTConnectionHe...
DTEX DEC-M Security Vulnerability
DTEX DEC-M is a unified insider risk management platform from DTEX Corporation. A security vulnerability exists in DTEX DEC-M version 6.1.1, which stems from a lack of proper logical validation, and allows an attacker to elevate privileges to root via an unauthorized client connection using the...
CVE-2024-45407 Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...
Design/Logic Flaw
In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...
Rocket.Chat getRoomRoles Meteor Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, and in 4.8.0 up to but not including 4.8.2, which stems from a lack of ACL checking in its getRoomRoles Meteor method, and can be exploited by an attacker to cause a...
GHSA-X6R5-VXFG-GQ3V Helm Improper Certificate Validation
Helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...
Design/Logic Flaw
Bareos versions before 19.2.8 allow a malicious client to communicate with the director without knowledge of the shared secret if the director allows client-initiated connections and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...
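The Bareos entry above describes a reflection attack on mutual CRAM-MD5 authentication: when both peers challenge each other with the same shared secret, a client that holds no secret can send the director's own challenge back as its challenge, let the director compute the HMAC, and return that value as its answer to the director's original challenge. The following is an added, simplified Python model of that exchange written for this page; it is not Bareos code and does not reproduce the Bareos wire protocol. The shared secret, the `Director` class, the `reject_reflected` switch and the attacker/client helpers are all constructed for the illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample secret shared by the director and its legitimate client.
SECRET = b"director-client-shared-secret"


def cram_md5_response(secret: bytes, challenge: bytes) -> bytes:
    """CRAM-MD5 response: hex HMAC-MD5 of the challenge under the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest().encode()


class Director:
    """Toy director that (1) challenges the peer and (2) answers the peer's challenge.

    The real protocol is mutual; this model keeps only the two steps the
    reflection attack needs. `reject_reflected` is an assumed mitigation:
    refuse to answer a peer challenge identical to the one we just issued.
    """

    def __init__(self, secret: bytes, reject_reflected: bool = False) -> None:
        self.secret = secret
        self.reject_reflected = reject_reflected
        self.sent_challenge = None

    def challenge(self) -> bytes:
        # Fresh random challenge, base64-encoded as a printable token.
        self.sent_challenge = base64.b64encode(os.urandom(16))
        return self.sent_challenge

    def verify(self, response: bytes) -> bool:
        # Constant-time comparison against the expected HMAC of our challenge.
        expected = cram_md5_response(self.secret, self.sent_challenge)
        return hmac.compare_digest(expected, response)

    def answer(self, peer_challenge: bytes) -> bytes:
        # A director that answers any peer challenge, including its own, is
        # an oracle for the HMAC it will later demand from the client.
        if self.reject_reflected and peer_challenge == self.sent_challenge:
            raise PermissionError("peer reflected our own challenge")
        return cram_md5_response(self.secret, peer_challenge)


def honest_client(director: Director, secret: bytes) -> bool:
    """Legitimate client: answers the director's challenge with the shared secret."""
    c = director.challenge()
    return director.verify(cram_md5_response(secret, c))


def reflection_attack(director: Director) -> bool:
    """Attacker holding no secret: reflect the director's challenge, relay its answer."""
    c = director.challenge()            # director -> attacker: challenge C
    try:
        answer = director.answer(c)     # attacker -> director: "my challenge is C"
    except PermissionError:
        return False                    # mitigated director refuses to play oracle
    return director.verify(answer)      # attacker -> director: director's own HMAC


if __name__ == "__main__":
    print("honest client accepted:", honest_client(Director(SECRET), SECRET))
    print("wrong secret accepted:", honest_client(Director(SECRET), b"guess"))
    print("reflection vs vulnerable director:", reflection_attack(Director(SECRET)))
    print("reflection vs mitigated director:", reflection_attack(Director(SECRET, reject_reflected=True)))
```

Run it as a script to see the vulnerable director accept the attacker and the mitigated one reject it. The equality check is only one assumed countermeasure for the model; the more robust structural fix is to never answer a peer's challenge until the peer has already proven possession of the secret, so the director cannot be used as an HMAC oracle at all.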
CVE-2018-3778
Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...
Authorization
Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...
Apache CXF Fediz Cross-Site Request Forgery Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation (United States). The framework supports a variety of Web services standards, a variety of front-end programming APIs, etc. Apache CXF Fediz is one of its subprojects, mainly used to provide authenticatio...