Vulnerabilities (CVE)

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a ... Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.

Show More

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.

An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity ( ... An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.

Show More

Windows Telephony Service Remote Code Execution Vulnerability

Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.

Azure Monitor Agent Elevation of Privilege Vulnerability

CLTPHP <=6.0 is vulnerable to Improper Input Validation.

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.

Microsoft SQL Server Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Windows HTML Platforms Security Feature Bypass Vulnerability

MapUrlToZone Security Feature Bypass Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

IP Helper Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Digital Media Elevation of Privilege Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Kerberos Denial of Service Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Microsoft Message Queuing Information Disclosure Vulnerability

MapUrlToZone Security Feature Bypass Vulnerability