51 matches found
CVE-2024-34532
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka querydeluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::getresultfromquery...
FreePBX < 16.0.44 Authentication Bypass
According to its self-reported version number, the FreePBX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass: when providing an Authorization header with an arbitrary value, a session is associated with the...
CVE-2023-20869
VMware Workstation 17.x and VMware Fusion 13.x contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...
CVE-2024-7404 Improper Restriction of Rendered UI Layers or Frames in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker to gain full API access as the victim via the Device OAuth flow...
CVE-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection...
CVE-2024-32849
The CVE-2024-32849 entry concerns Trend Micro Security 17.x (Consumer). A Privilege Escalation flaw exists in the coreServiceShell due to incorrect link resolution, enabling a local attacker to delete privileged Trend Micro files (including its own). Public sources (ZDI advisory ZDI-24-576 and JV...
CVE-2024-32849
Trend Micro Security 17.x Consumer is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...
Amazon Corretto Java 17.x < 17.0.10.7.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.10.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2024-Jan-16 advisory. - hotspot/compiler CVE-2024-20918, CVE-2024-20921 - hotspot/runtime CVE-2024-20919 -...
Oracle OpenJDK 8.x, 11.x, 17.x, 20.x Multiple Vulnerabilities (Jul 2023)
Oracle OpenJDK is prone to multiple vulnerabilities.
Amazon Corretto Java 17.x < 17.0.8.7.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2023-Jul-18 advisory. - core-libs/java.net CVE-2023-22006 - core-libs/java.util CVE-2023-22036 - hotspot/compiler...
CVE-2023-20869
CVE-2023-20869 is a stack-based buffer overflow in VMware Workstation 17.x and VMware Fusion 13.x related to sharing host Bluetooth devices with the VM. Public reports and Vulners-derived references confirm this vulnerability, which can allow a local attacker with VM-level privileges to execute c...
Amazon Corretto Java 17.x < 17.0.6.10.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.6.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2023-Jan-17 advisory. - 5.3 CVE-2023-21830, CVE-2023-21835 - 3.7 CVE-2023-21843 Note that Nessus has not tested for these...
CVE-2022-47581
Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request...
GHSA-MHXJ-85R3-2X55 file-type vulnerable to Infinite Loop via malformed MKV file
An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when...
Amazon Corretto Java 17.x < 17.0.4.8.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.4.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2022-Jul-19 advisory. - hotspot/compiler CVE-2022-21540 - hotspot/runtime CVE-2022-21541 - core-libs/java.util...
Amazon Corretto Java 17.x < 17.0.3.6.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.3.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2022-Apr-17 advisory. - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has...
Oracle Java SE Security Update (jan2022) 03 - Windows
Oracle Java SE is prone to multiple unspecified vulnerabilities.
Digium Asterisk Security Vulnerability
Digium Asterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...