Vulnerability

Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes

Recreating a vulnerability in log streaming via the Kubelet on Windows nodes

Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908)

The Delinea Protocol Handler suffers from a Remote Code Execution vulnerability in the sslauncher URL handler. This could be exploited by a malicious …

Read Article

Introducing NachoVPN: One VPN Server to Pwn Them All

Is Your Corporate VPN Client Providing Access to More Than Just Your Employees?

Read Article

Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)

Today, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an …

Read Article

Skeleton Cookie: Breaking into Safeguard with CVE-2024-45488

Join us as we reveal how CVE-2024-45488 can let attackers gain access to your corporate password vault and uncover hidden secrets of Microsoft DPAPI.

Read Article

One Identity SafeGuard for Privileged Passwords - Authentication Bypass (CVE-2024-45488)

SafeGuard for Privileged Passwords (SPP) virtual appliance images contain a hard-coded cryptographic key (CWE-321). An attacker can exploit this key …

Read Article

Cato Client - Local Privilege Escalation via OpenSSL Configuration File (CVE-2024-6975)

The OpenSSL implementation in the winvpnclient.cli.exe service executable is configured to load an openssl.cnf file from a location that does not …

Read Article

Cato Client - Local Privilege Escalation via Self-Upgrade (CVE-2024-6974)

The Cato Client was found to use an insecure temporary folder for downloading and processing updates.

Read Article

Cato Client - Local Root Certificate Install as Low Privileged User (CVE-2024-6978)

The Cato Client allows a low-privileged, local user to install arbitrary Root CA Certificates in the computer’s certificate store.

Read Article

Showing posts from Vulnerability