
6809 matches found

Tenable Nessus
added 2024/11/26 12:0 a.m. (9 views)

Mozilla Firefox < 133.0

The version of Firefox installed on the remote Windows host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-63 advisory. - A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Under specific...

CVSS 9.8 | AI score 7.5 | EPSS 0.00393
Exploits: 0 | References: 18
Tenable Nessus
added 2024/11/26 12:0 a.m. (5 views)

Mozilla Firefox < 133.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-63 advisory. - A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Under...

CVSS 9.8 | AI score 7.5 | EPSS 0.00393
Exploits: 0 | References: 18
Tenable Nessus
added 2024/11/26 12:0 a.m. (15 views)

Mozilla Thunderbird < 133.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-67 advisory. - A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Unde...

CVSS 9.8 | AI score 7.5 | EPSS 0.00393
Exploits: 0 | References: 17
Mozilla
added 2024/11/26 12:0 a.m. (24 views)

Security Vulnerabilities fixed in Thunderbird 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

CVSS 9.8 | AI score 8.7 | EPSS 0.00393
Exploits: 0 | References: 17 | Affected Software: 1
Tenable Nessus
added 2024/11/26 12:0 a.m. (10 views)

Mozilla Thunderbird < 128.5

The version of Thunderbird installed on the remote Windows host is prior to 128.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-68 advisory. - Memory safety bugs present in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of thes...

CVSS 9.8 | AI score 7.7 | EPSS 0.00393
Exploits: 0 | References: 10
NVD
added 2024/11/22 10:15 p.m. (8 views)

CVE-2024-7243

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | EPSS 0.00065
Exploits: 0 | References: 1
OSV
added 2024/11/22 10:15 p.m. (2 views)

CVE-2024-7253

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | AI score 6.2 | EPSS 0.00076
Exploits: 0 | References: 2
Cvelist
added 2024/11/22 9:12 p.m. (9 views)

CVE-2024-7242 Panda Security Dome Link Following Local Privilege Escalation Vulnerability

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | EPSS 0.00036
Exploits: 0 | References: 1
BDU FSTEC
added 2024/11/22 12:0 a.m. (1 views)

The vulnerability of the needrestart utility, related to concurrent access to resources (race condition), allows a violator to execute arbitrary code in the context of the root user.

The vulnerability of the needrestart tool is related to concurrent access to resources (race condition). Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user by replacing the file usr/bin/python with a malicious executable file...

CVSS 7.8 | AI score 8 | EPSS 0.00215
Exploits: 2 | References: 7 | Affected Software: 4
Veracode
added 2024/11/19 11:39 a.m. (10 views)

Command Hijacking

symfony is vulnerable to Command Hijacking. The vulnerability is due to insecure handling of executable files in the current working directory by the Process class, allowing an attacker to execute arbitrary code by placing a malicious cmd.exe file in the directory...

CVSS 9.8 | AI score 7.5 | EPSS 0.00783
Exploits: 0 | References: 5 | Affected Software: 2
Veracode
added 2024/11/19 4:43 a.m. (7 views)

Arbitrary File Upload

agnai is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to place files in attacker-controlled locations on the server, including executable JavaScript files...

CVSS 8.8 | AI score 6.6 | EPSS 0.01148
Exploits: 0 | References: 5 | Affected Software: 1
Malwarebytes
added 2024/11/18 4:0 p.m. (7 views)

QuickBooks popup scam still being delivered via Google ads

Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. We've seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a pho...

AI score 7.2
Exploits: 0
BDU FSTEC
added 2024/11/14 12:0 a.m. (1 views)

The vulnerability of the executable file vish2.exe in the software environment allows for the exploitation of Siemens ModelSim and Questa hardware devices. This enables a perpetrator to gain elevated privileges and execute arbitrary code.

The vulnerability of the executable file vish2.exe in the software environment for verifying and simulating Siemens ModelSim and Questa hardware devices is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and...

CVSS 7.3 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2024/11/12 7:40 a.m. (1 views)

MAL-2024-12212 Malicious code in backwwii (PyPI)

Source: kam193 cf5e7427061483e779c53f125b5792b2e650261bcdca0a9f4d90e9ca883c04d0. When importing the module, the obfuscated code downloads and runs a remote executable. Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 7.2
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/11/12 7:40 a.m. (2 views)

Malicious code in backwwii (PyPI)

Source: kam193 cf5e7427061483e779c53f125b5792b2e650261bcdca0a9f4d90e9ca883c04d0. When importing the module, the obfuscated code downloads and runs a remote executable. Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 7.3
Exploits: 0 | References: 1
CNNVD
added 2024/11/12 12:0 a.m. (2 views)

Siemens SIPORT MP Security Vulnerability

SIPORT is a comprehensive, modular and reliable system for access control and time management in the Monitoring Access Suite. An elevation of privilege vulnerability exists in Siemens SIPORT, which can be exploited by a local attacker with an unprivileged account to overwrite or modify the servic...

CVSS 8.5 | AI score 6.9 | EPSS 0.00083
Exploits: 0 | References: 1
GithubExploit
added 2024/11/11 2:25 p.m. (237 views)

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

Description Name : CVE-2023-38831 CVSS Score : 7.8...

CVSS 7.8 | AI score 6.6 | EPSS 0.93878
Exploits: 49
CVE
added 2024/11/08 12:15 p.m. (46 views)

CVE-2024-50592

CVE-2024-50592 describes a local privilege escalation in HASOMED Elefant software, via a race condition in the Elefant Update Service during repair/update. An attacker with local access can exploit the window between copying vulnerable executables to a user-writable folder (C:\Elefant1) and the f...

CVSS 7 | AI score 7 | EPSS 0.00132
Exploits: 0 | References: 3
BDU FSTEC
added 2024/11/08 12:0 a.m. (1 views)

The vulnerability of the TeamViewer_service.exe executable file of the remote control software allows a hacker to gain increased privileges.

The vulnerability of the TeamViewer_service.exe executable file of the remote control software involves incorrect verification of the cryptographic signature. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS 8.8 | AI score 7.7 | EPSS 0.05875
Exploits: 2 | References: 4 | Affected Software: 2
NVD
added 2024/11/06 9:15 p.m. (18 views)

CVE-2024-51736

Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

CVSS 9.8 | EPSS 0.00783
Exploits: 0 | References: 1