924 matches found
ifood Order Manager Security Vulnerability
ifood Order Manager is an order manager from ifood. A security vulnerability exists in ifood Order Manager version v3.35.5, which originates from a vulnerability that allows attackers to execute arbitrary code via a DLL hijacking attack...
PT-2024-28343 · Unknown · Ifood Order Manager
Name of the Vulnerable Software and Affected Versions: ifood Order Manager version 3.35.5 Description: An issue in ifood Order Manager allows attackers to execute arbitrary code via a DLL hijacking attack. Recommendations: For ifood Order Manager version 3.35.5, consider restricting access to the...
CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
DEBIAN-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
ALPINE-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
CVE-2024-37005
A maliciously crafted XB file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2024-23157
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSWDLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...
CVE-2024-23155
A maliciously crafted MODEL file, when parsed in atfasminterface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process...
ghostscript: OPVP device arbitrary code execution via custom Driver library
A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...
USN-6835-1: Ghostscript vulnerabilities
It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. CVE-2023-52722 This issue only affected Ubuntu 20.04...
USN-6835-1 ghostscript vulnerabilities
It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. CVE-2023-52722 This issue only affected Ubuntu 20.04...
PT-2024-6676 · Rockwell Automation · Emulate3D
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Emulate3D version 17.00.00.13276 Description: A vulnerability exists in the Rockwell Automation Emulate3D, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.12.0, which...
PT-2024-5609 · Dell · Dell Peripheral Manager
Name of the Vulnerable Software and Affected Versions: Dell Peripheral Manager versions prior to 1.7.6 Description: The issue is related to an uncontrolled search path element in the Dell Peripheral Manager software. This could allow an attacker to potentially exploit the vulnerability through...
UBUNTU-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
Oracle EMS SQL Manager Security Vulnerability
Oracle EMS SQL Manager is a database management tool from Oracle Corporation USA. A security vulnerability exists in Oracle EMS SQL Manager version 3.6.2 that originates from allowing DLL hijacking, which allows users to trigger arbitrary code execution...
PT-2024-5604 · Dell · Dell Peripheral Manager
Name of the Vulnerable Software and Affected Versions: Dell Peripheral Manager versions prior to 1.7.6 Description: The issue is related to an uncontrolled search path element in the software. This could allow an attacker to potentially exploit the vulnerability through preloading malicious DLL o...