6809 matches found
CVE-2024-6656 Hardcoded Credentials in TNB Mobile Solutions' Cockpit Software
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...
CVE-2024-41871 Media Encoder | Out-of-bounds Read (CWE-125)
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
UBUNTU-CVE-2024-46684
In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined. create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architecture has ELF_HWCAP2 defined. Prior to the commit 10e29251be0e...
CVE-2024-45826 ThinManager® Code Execution Vulnerability
CVE-2024-45826 IMPACT: Due to improper input validation, a path traversal and remote code execution vulnerability exists when ThinManager® processes a crafted POST request. If exploited, a user can install an executable file...
CVE-2024-45826
Rockwell Automation ThinManager has a path traversal leading to remote code execution when processing a crafted POST request. Affected versions: ThinManager 13.1.0–13.1.2 and 13.2.0–13.2.1; upgrade to 13.1.3+ or 13.2.2+ to mitigate. CVSSv3 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); CVS...
openSUSE Security Advisory (SUSE-SU-2024:3200-1)
The remote host is missing an update for the...
CVE-2024-27115
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...
CVE-2024-27115
CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...
SUSE-SU-2024:3200-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780) Other fixes: - %profileopt variable is set according to the variable %doprofiling (bsc#1227999) - Stop using %%defattr, it seems to be breaking proper executable...
Malicious code in colourfulls (PyPI)
Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...
MAL-2024-12246 Malicious code in colourfulls (PyPI)
Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...
OESA-2024-2105 exim security update
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Malicious code in cblines (PyPI)
Source: kam193 80531e39cd96b75b32c7549840f7bc6984377765d9f9f663c0b560332b4e1b84 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. Category: MALICIOUS - The campaign has clearly...
Malicious code in pymatcha (PyPI)
Source: kam193 779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. Category: MALICIOUS - The campaign has clearly...
MAL-2024-12332 Malicious code in pymatcha (PyPI)
Source: kam193 779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. Category: MALICIOUS - The campaign has clearly...
Vivavis Permission and Access Control Issues Vulnerability
Vivavis is an automated control system from Vivavis, Inc. Vivavis suffers from a Permission and Access Control Issues vulnerability that stems from an authorization issue contained in prunsrv.exe that could lead to arbitrary code execution...
SUSE: Security Advisory (SUSE-SU-2024:3076-1)
The remote host is missing an update for the...
CVE-2024-45312 Arbitrary language parameter can be passed to `aspell` executable via spelling requests in overleaf
Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...