| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Tanium addressed an improper input validation vulnerability in Deploy. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. |
| Tanium addressed an improper access controls vulnerability in Deploy. |
| Tanium addressed an improper access controls vulnerability in Patch. |
| Tanium addressed an improper input validation vulnerability in Discover. |
| Tanium addressed a documentation issue in Engage. |
| Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. |
| Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. |
| Tanium addressed an improper access controls vulnerability in Interact. |
| A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later |
| An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later |
| Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. |
| Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue. |
| Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. |
| Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue. |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality. |
