4649 matches found
PT-2024-17788 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS versions up to 1.2. Description: A critical issue has been found in the Configuration File Handler component, specifically in the file /install/installdb.php. The manipulation of the database password argument leads to code injection...
QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
UBUNTU-CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2024-12798 JaninoEventEvaluator vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
Exploit for CVE-2024-4956
CVE-2024-4956 CVE-2024-4956 is a serious path traversal vulne...
PT-2024-33656 · Siemens · Comos
Name of the Vulnerable Software and Affected Versions: COMOS V10.3 versions prior to V10.3.3.5.8; COMOS V10.4.0 versions prior to V10.4.4.2; COMOS V10.4.1 versions prior to V10.4.4.2; COMOS V10.4.2 versions prior to V10.4.4.2; COMOS V10.4.3 versions prior to V10.4.3.0.47; COMOS V10.4.4 versions prior ...
Exploit for Deserialization of Untrusted Data in Huggingface Transformers
CVE-2024-11392 Hugging Face Transformers MobileViTV2 Des...
Fedora 41 : uv (2024-8568f9cd5e)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8568f9cd5e advisory. Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes. ---- By updating to a current release of uv, this update fixes...
PT-2024-27793 · Open Robotics · Ros2
Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 (ROS2) versions navigation2-humble. Description: A Buffer Overflow issue allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2 planner process. This enables the attacker to...
Nav2 Security Vulnerability
Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that stems from the inclusion of a buffer overflow vulnerability. A local attacker exploiting this vulnerability could execute arbitrary code to the nav2planner process via a crafted .yam...
Nav2 Security Vulnerability
Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from the nav2amcl process containing a buffer overflow. An attacker can trigger the vulnerability by sending a carefully crafted .yaml file...
Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras Password in Configuration File (CVE-2017-7925)
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...
Atlassian Confluence Data Center and Server Security Vulnerability
Atlassian Confluence Data Center and Server is a data center from Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the fact that the confluence.cfg.xml file is readable by default by users in the BUILTIN/Users group...
VMware Aria Operations Security Vulnerability
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. A security vulnerability exists in VMware Aria Operations that originates from a malicious command that can be inserted...
GitLab Enterprise Edition and GitLab Community Edition Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...
OmegaT Security Vulnerability
OmegaT is a translation memory application open-sourced by OmegaT. A security vulnerability exists in OmegaT 6.0.1 and earlier versions, which stems from an arbitrary file upload vulnerability in RoamingOmega that allows an attacker to execute arbitrary code by uploading a crafted .conf file...
CVE-2023-43091
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code...