Intel oneAPI Toolkit and component software installers security vulnerability

Intel oneAPI Toolkit and component software installers is an application from Intel Corporation USA. A security vulnerability previously existed in Intel oneAPI Toolkit and component software installers version 4.3.2, which stemmed from improper access control in the affected product. It could...

Vulnerabilities fixed in Zoom products

Zoom has fixed vulnerabilities in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. A malicious party could exploit the vulnerabilities to gain access to sensitive data, grant themselves elevated permissions, or to cause a denial-of-service. To cause ...

PT-2024-19472 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, the product implementation is...

PT-2024-19672 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

PT-2024-19673 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

PT-2024-19674 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

PT-2024-14529 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a...

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactServiceCommands function. The issue results from the lack of proper validation of ...

PT-2024-14218 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a...

PT-2024-14217 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a...

PT-2024-19675 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

PT-2024-19676 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon Web versions prior to 22.10.17, 23.04.13, and 23.10.5 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The flaw...

CVE-2023-50395

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...

CVE-2023-50395 SQL Injection Remote Code Execution Vulnerability

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...

PT-2024-1657 · Solarwinds · Solarwinds Orion Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code Execution vulnerability was found in the SolarWinds Platform, which can be exploited using a create statement. This issue requires user...

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to bypass security measures, grant himself elevated privileges granted and execute code with administrator privileges and gain access to sensitive data on the vulnerable system. Successful misuse...

PT-2024-14825 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: The VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an...

Vinchin Backup and Recovery Security Vulnerabilities

Vinchin Backup and Recovery is an easy-to-use, safe and reliable virtual machine data protection software from China Yunqi Technology Vinchin. It is used for backup and recovery. A security vulnerability exists in Vinchin Backup and Recovery v7.2. An attacker can exploit the vulnerability to...

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer. A malicious party could exploit the vulnerability to cause a denial-of-service attack. For successful abuse, the malicious party must have prior authentication. Progress has released updates to fix the vulnerability in MOVEit Transfer 2023.1....