
2019 matches found

OSV
added 2024/11/22 8:15 p.m. · 4 views

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

7.8 CVSS · 6.2 AI score · 0.00294 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/11/22 12:00 a.m. · 4 views

Panda Security Dome Security Vulnerability

Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. A security vulnerability exists in Panda Security Dome that stems from a lack of proper permission settings for folders created by the Hydra Sdk Windows service, which could allow a loc...

7.8 CVSS · 7 AI score · 0.00209 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/22 12:00 a.m. · 2 views

Panda Security Dome Link Following Vulnerability

Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. Panda Security Dome suffers from a link following vulnerability that originates from the link-following mechanism in the PSANHost executable, which could lead to a local attacker deleting an...

7.8 CVSS · 7.6 AI score · 0.00338 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/22 12:00 a.m. · 3 views

AVG AntiVirus Free Link Following Vulnerability

AVG AntiVirus Free is a free antivirus program from AVG. AVG AntiVirus Free suffers from a link following vulnerability that stems from a local elevation of privilege issue that could allow an attacker to delete files, which in turn could elevate privileges and execute arbitrary code in a SYSTEM...

7.8 CVSS · 7.9 AI score · 0.00344 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/22 12:00 a.m. · 2 views

AVG AntiVirus Free Link Following Vulnerability

AVG AntiVirus Free is a free antivirus program from AVG. AVG AntiVirus Free suffers from a link following vulnerability that stems from a local elevation of privilege issue that could allow an attacker to delete files, which in turn could elevate privileges and execute arbitrary code in a SYSTEM...

7.8 CVSS · 7.9 AI score · 0.00352 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/22 12:00 a.m. · 3 views

Panda Security Dome Code Issue Vulnerability

Panda Security Dome is an antivirus product for ransomware and spyware from Spanish company Panda Security. A code issue vulnerability exists in Panda Security Dome, which arises from an improper restriction of the DLL search path by the VPN process, which could lead to a local attacker loading a...

7.8 CVSS · 7.6 AI score · 0.00288 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/22 12:00 a.m. · 4 views

G DATA Software Total Security Link Following Vulnerability

G DATA Software Total Security is a suite of antivirus software from the German company G Data. The software provides anti-phishing, anti-virus and anti-spam protection. G DATA Software Total Security suffers from a link following vulnerability that stems from improper handling of symbolic links, which could all...

7.8 CVSS · 7.7 AI score · 0.00401 EPSS
Exploits: 0 · References: 1

NVD
added 2024/11/20 2:15 p.m. · 8 views

CVE-2024-10913

The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...

8.8 CVSS · 0.0064 EPSS
Exploits: 0 · References: 3

CVE
added 2024/11/20 12:28 p.m. · 39 views

CVE-2024-11495

CVE-2024-11495 describes a buffer overflow in OllyDbg 1.10 caused by lack of proper bounds checking, enabling a local attacker to execute arbitrary code. Multiple sources (NVD, CVE record) confirm a local-exploit scenario with high impact, consistent with a serverless/hosted debugger context. The...

7.8 CVSS · 7.8 AI score · 0.00145 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2024/11/18 12:00 a.m. · 1 view

The vulnerability of the AcTranslators.exe executable file of the AutoCAD simulation, design, and drafting software allows a perpetrator to record confidential data or execute arbitrary code.

The vulnerability of the AcTranslators.exe executable file used in AutoCAD modeling, design, and drawing software lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to write confidential data or execute arbitrary code withi...

7.8 CVSS · 8 AI score · 0.00209 EPSS
Exploits: 0 · References: 6 · Affected Software: 8

OSV
added 2024/11/14 8:15 p.m. · 16 views

CVE-2024-10397

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code...

7.8 CVSS · 6 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/14 12:00 a.m. · 3 views

PT-2024-37362 · Rockwell Automation · Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Input Analyzer (affected versions not specified). Description: A memory corruption issue exists when parsing DFT files, allowing local threat actors to disclose information and execute arbitrary code by opening a...

7.3 CVSS · 7.7 AI score · 0.00249 EPSS
Exploits: 0 · References: 5

CNVD
added 2024/11/13 12:00 a.m. · 7 views

Siemens SINEC INS Path Traversal Vulnerability (CNVD-2024-45208)

Siemens SINEC INS is software from Siemens, Germany, that provides centralized services for network infrastructures. A path traversal vulnerability exists in Siemens SINEC INS, which stems from not properly sanitizing user-supplied paths for sftp-based file uploads and downloads, and can be...

9.9 CVSS · 7.7 AI score · 0.00882 EPSS
Exploits: 0 · References: 1

NCSC
added 2024/11/12 6:57 p.m. · 5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...

7.8 CVSS · 7.3 AI score · 0.02072 EPSS
Exploits: 0

CNNVD
added 2024/11/12 12:00 a.m. · 2 views

D-Link DWR-2000M Security Vulnerability

The D-Link DWR-2000M is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DWR-2000M. A local attacker can exploit the vulnerability to execute arbitrary code via a crafted request...

9.8 CVSS · 7.4 AI score · 0.00607 EPSS
Exploits: 0 · References: 3

CNNVD
added 2024/11/12 12:00 a.m. · 4 views

Ivanti Endpoint Manager Security Vulnerability

Ivanti Endpoint Manager (EPM) is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager that stems from the inclusion of a path traversal vulnerability. A remote, authenticated attacker with administrator privileges could explo...

7.2 CVSS · 7.8 AI score · 0.18184 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/10/29 12:00 a.m. · 2 views

Autodesk AutoCAD Security Vulnerability

Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8 CVSS · 7.4 AI score · 0.00207 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/10/29 12:00 a.m. · 4 views

Autodesk AutoCAD Security Vulnerability

Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8 CVSS · 7.4 AI score · 0.00207 EPSS
Exploits: 0 · References: 1

Github Security Blog
added 2024/10/28 12:30 a.m. · 17 views

CycloneDX cdxgen may execute code contained within build-related files

CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...

7.2 CVSS · 7.9 AI score · 0.00831 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

Github Security Blog
added 2024/10/22 6:32 p.m. · 8 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user...

8.8 CVSS · 7.7 AI score · 0.00342 EPSS
Exploits: 0 · References: 3 · Affected Software: 2