An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
Source: HackerOne
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-05-22
Updated
2024-05-24
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Source: HackerOne
Max CVSS
2.7
EPSS Score
0.04%
Published
2024-05-22
Updated
2024-05-24
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
Source: HackerOne
Max CVSS
7.2
EPSS Score
0.04%
Published
2024-05-22
Updated
2024-05-24
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-05-22
Updated
2024-05-24
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
Source: HackerOne
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-22
Updated
2024-05-24
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Source: HackerOne
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-05-13
Updated
2024-05-14
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.
Source: HackerOne
Max CVSS
2.8
EPSS Score
0.04%
Published
2024-05-07
Updated
2024-05-07
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server. The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control. Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks. Workarounds: Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.
Source: HackerOne
Max CVSS
6.0
EPSS Score
0.04%
Published
2024-05-07
Updated
2024-05-07
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.
Source: HackerOne
Max CVSS
2.2
EPSS Score
0.04%
Published
2024-05-07
Updated
2024-05-07
An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.
Source: HackerOne
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-05-07
Updated
2024-05-07
An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Access G2 Reader Pro (Version 1.2.172 and earlier) UniFi Access Reader Pro (Version 2.7.238 and earlier) UniFi Access Intercom (Version 1.0.66 and earlier) UniFi Access Intercom Viewer (Version 1.0.5 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro Version 1.3.37 or later. Update UniFi Access Reader Pro Version 2.8.19 or later. Update UniFi Access Intercom Version 1.1.32 or later. Update UniFi Access Intercom Viewer Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.
Source: HackerOne
Max CVSS
2.2
EPSS Score
0.04%
Published
2024-05-07
Updated
2024-05-07
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.
Source: HackerOne
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-25
Updated
2024-04-25
A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
Source: HackerOne
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
Source: HackerOne
Max CVSS
7.1
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
Source: HackerOne
Max CVSS
8.2
EPSS Score
0.05%
Published
2024-04-09
Updated
2024-05-01
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
Source: HackerOne
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-05-07
Updated
2024-05-07
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later.
Source: HackerOne
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-04
Updated
2024-04-05
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
Source: HackerOne
Max CVSS
6.5
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
Source: HackerOne
Max CVSS
7.1
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Source: HackerOne
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-04-19
Updated
2024-04-19
1327 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!