191 matches found
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI prior to version 2024R1, which stems from a lack of access...
Oracle Java SE Multiple Vulnerabilities (Apr 2025) - Windows
Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-45419
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access...
CVE-2024-6068 Input Validation Vulnerability exists in Arena® Input Analyzer
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file...
Oracle Java SE Security Update (Oct24-1) - Windows
Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20240918-02
A vulnerability in the WebKitGTK web page display module is related to disclosure of information in an erroneous data area of data. Exploitation of the vulnerability allows an attacker acting remotely to gain access to the sensitive data...
The vulnerability of the OTRS system’s administration log module allows a violator to disclose protected information.
The vulnerability of the OTRS application’s administration log module is related to the disclosure of information through registration files. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
ROS-20240906-01
Vulnerability of ip6tnlrcv function in net/ipv6/ip6tunnel.c module of Linux kernel IPv6 protocol implementation is related to use of uninitialized memory. of the Linux operating system is related to the use of uninitialized memory. Exploitation of the vulnerability could allow a remote attacker t...
CVE-2024-1545
CVE-2024-1545 concerns WolfSSL’s wolfCrypt RSA code path: Fault Injection in RsaPrivateDecryption (rsa.c) enables Rowhammer-induced data leakage to the RsaKey structure, allowing information disclosure and potential privilege escalation. Affected software: WolfSSL/wolfCrypt (example version wolfs...
ROS-20240826-01
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
CVE-2024-39413 An unauthorized user can export the Invoiced Sales Report
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...
CVE-2024-7091 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user...
Mozilla Firefox Security Update (MFSA2024-29) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
PT-2024-20189 · Silicon · Gecko Os
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific fl...
CVE-2024-28285
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges...
Zoom Client for Meetings < 5.17.0 Vulnerability (ZSB-24003)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.17.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-24003 advisory. - Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...
Zoom VDI Meeting Client < 5.17.5 Vulnerability (ZSB-24002)
The version of Zoom VDI Meeting Client installed on the remote host is prior to 5.17.5. It is, therefore, affected by a vulnerability as referenced in the ZSB-24002 advisory. - Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...
Zoom Client for Meetings < 5.17.0 Vulnerability (ZSB-24002)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.17.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-24002 advisory. - Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...
Zoom VDI Meeting Client < 5.17.5 Vulnerability (ZSB-24003)
The version of Zoom VDI Meeting Client installed on the remote host is prior to 5.17.5. It is, therefore, affected by a vulnerability as referenced in the ZSB-24003 advisory. - Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...
CVE-2024-24696
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access...