2857 matches found
CVE-2024-49817
The CVE-2024-49817 issue in IBM Security Guardium Key Lifecycle Manager (GKLM) affects versions 4.1, 4.1.1, 4.2, and 4.2.1, where user credentials are stored in configuration files that can be read by a local privileged user (CWE-260). The IBM Security bulletin describes this as a local informati...
CVE-2024-49817 IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user...
PT-2024-33694 · IBM · IBM Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 4.1 through 4.2.1 Description: The issue concerns the storage of user credentials in configuration files by IBM Security Guardium Key Lifecycle Manager. These credentials can be accessed by...
PT-2024-70: Buffer Overflow in Suricata
The vulnerability was identified in Suricata versions 7.0.7 and below. Failure to check the input file size may result in a buffer overflow. Possible consequences of exploiting the vulnerability include an attacker gaining remote access to configuration files, injecting a malicious BPF file into...
CVE-2024-49704
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Da...
Asterisk AMI Originate Authenticated Remote Code Execution Exploit
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. A new extension can be created which performs a system command to...
Asterisk AMI Originate Authenticated RCE
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. A new extension can be created which performs a system command to...
The vulnerability of the VPN server in corporate networks of Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) – related to synchronization errors when using a shared resource (a race condition) – allows a hacker to modify confidential configuration files.
The vulnerability of the VPN server for corporate networks of Ivanti Secure Access Client ISAC, previously known as Pulse Secure Desktop Client, on Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) involves improper authorization, allowing a malicious individual to disclose protected information.
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller NDFC is related to improper authentication. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information by downloading configuration files or full backup files...
GHSA-QXRP-VHVM-J765 Deserialization of Untrusted Data in Hugging Face Transformers
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
Deserialization of Untrusted Data in Hugging Face Transformers
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2024-9245
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-11392
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
PYSEC-2024-227
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2024-11392 Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
CVE-2024-11392
CVE-2024-11392 is a deserialization-based remote code execution vulnerability in Hugging Face Transformers that IBM-related bulletins connect to. In the connected IBM advisories, exploitation pertains to multiple IBM products using Transformers components, notably: IBM Watson Speech Services Cart...
CVE-2024-9245 Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-9244 Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...