CVE-2024-5963

CVE-2024-5963 affects Hitachi Device Manager on Windows (Device Manager Server component). The vulnerability is an Unquoted Executable Path in versions before 8.8.7-00, with impact described as potential compromise of confidentiality, integrity, and availability. The issue is documented in multip...

Hitachi Device Manager 安全漏洞

Hitachi Device Manager is a device management software from Hitachi, Ltd Hitachi, Japan. It is designed to help users simplify storage resource management, optimize storage performance, and improve the reliability and availability of storage systems. A security vulnerability exists in Hitachi...

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Exim vulnerability (USN-6939-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6939-1 advisory. Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this...

Ubuntu: Security Advisory (USN-6939-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6939-1: Exim vulnerability

Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users...

USN-6939-1 exim4 vulnerability

Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users...

GHSA-H9MQ-F6Q5-6C8M GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service

GraphQL Java aka graphql-java before 21.5 does not properly consider ExecutableNormalizedFields ENFs as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

PT-2024-28780

Name of the Vulnerable Software and Affected Versions GraphQL Java versions prior to 21.5 GraphQL Java version 20.9 GraphQL Java version 19.11 Description The issue is related to the improper consideration of ExecutableNormalizedFields ENFs in preventing denial of service via introspection querie...

GraphQL Java 安全漏洞

GraphQL Java is a GraphQL Java implementation of the GraphQL Java open source. Query language and server-side runtime for application programming interfaces APIs. A security vulnerability exists in GraphQL Java versions prior to 21.5 that stems from not properly considering...

AI/LLM Model File Contains Executable Code (Keras HFS5 .h5)

Binary data aimodelkerashfs5containsexecutablecode.nbin...

CVE-2024-7249

Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...

CVE-2024-7249 Comodo Firewall Link Following Local Privilege Escalation Vulnerability

Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...

CVE-2024-41726

Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed...

CVE-2024-41726

Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed...

CVE-2024-41726

Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed...

CVE-2024-41726

CVE-2024-41726 is a path traversal vulnerability in SKYSEA Client View for Windows, affecting versions 3.013.00 through 19.210.04e. If exploited, an arbitrary executable can be executed by a logged-in user on the affected PC. Publicly documented impact is arbitrary executable/file execution with ...

PT-2024-29541 · Unknown · Skysea Client View

Name of the Vulnerable Software and Affected Versions: SKYSEA Client View versions 3.013.00 through 19.210.04e Description: A path traversal issue exists, allowing an arbitrary executable file to be executed by a user who can log in to the PC where the product's Windows client is installed...

(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost...

(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost...