9452 matches found

ICS
added 2024/07/09 6:0 a.m., 21 views

Johnson Controls Inc. Software House C●CURE 9000 (Update B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House C●CURE 9000 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

7.8 CVSS, 6.6 AI score, 0.00068 EPSS
Exploits 0, References 10
CVE
added 2024/07/08 6:55 p.m., 60 views

CVE-2024-6580

CVE-2024-6580 concerns the IPWorks SSH library SFTPServer component. The issue arises when loading an SSH public key or certificate, where the component can be induced to make unintended filesystem or network path requests. Exploitation requires an application calling the SFTPServer to grant user...

6.5 CVSS, 6.5 AI score, 0.00143 EPSS
Exploits 3, References 1, Affected Software 1
NVD
added 2024/07/06 6:15 p.m., 19 views

CVE-2024-6095

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8 CVSS, 0.86379 EPSS
Exploits 1, References 2
Cvelist
added 2024/07/02 1:44 p.m., 24 views

CVE-2024-34122 T5 Acrobat Vulnerability - Exploitable crash in DecodeTile

Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...

7.8 CVSS, 0.00362 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/07/02 1:44 p.m., 21 views

CVE-2024-34122 T5 Acrobat Vulnerability - Exploitable crash in DecodeTile

Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...

7.8 CVSS, 7.5 AI score, 0.00362 EPSS
Exploits 0, References 1
ATTACKERKB
added 2024/07/01 12:0 a.m., 148 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8 CVSS, 8.6 AI score, 0.94425 EPSS
In wild, Exploits 25, References 6
FreeBSD
added 2024/07/01 12:0 a.m., 70 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...

9.8 CVSS, 7.2 AI score, 0.93858 EPSS
Exploits 2, References 1
Packet Storm
added 2024/07/01 12:0 a.m., 12639 views

OpenSSH Server regreSSHion Remote Code Execution

Qualys Security Advisory regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems CVE-2024-6387 Contents Summary SSH-2.0-OpenSSH3.4p1 Debian...

10 CVSS, 8.4 AI score, 0.66963 EPSS
Exploits 68
CNVD
added 2024/06/28 12:0 a.m., 9 views

Autodesk AutoCAD Memory Corruption Vulnerability

Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A memory corruption vulnerability exists in Autodesk AutoCAD version 2024.1.4, which originates from a write access conflict when parsing maliciously crafted CATPART, XB, and STEP files in...

7.8 CVSS, 6.8 AI score, 0.00531 EPSS
Exploits 0, References 1
ICS
added 2024/06/27 6:0 a.m., 14 views

SDG Technologies PnPSCADA

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : SDG Technologies Equipment : PnPSCADA Vulnerability : Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various...

9.3 CVSS, 6.4 AI score, 0.0057 EPSS
Exploits 0, References 10
ICS
added 2024/06/27 6:0 a.m., 19 views

Yokogawa FAST/TOOLS and CI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Yokogawa Equipment : FAST/TOOLS and CI Server Vulnerabilities : Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

5.8 CVSS, 6.2 AI score, 0.00172 EPSS
Exploits 0, References 10
Oracle linux
added 2024/06/25 12:0 a.m., 30 views

python3.11 security update

3.11.7-1.1 - Security fix for CVE-2023-6597 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33884...

7.8 CVSS, 7.8 AI score, 0.00077 EPSS
Exploits 0
RedHat Linux
added 2024/06/24 10:53 a.m., 3 views

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

8.6 CVSS, 7.3 AI score, 0.02069 EPSS
Exploits 0, References 6
RedHat Linux
added 2024/06/24 10:53 a.m., 2 views

Mozilla: Use-after-free in networking

The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable crash...

7.5 CVSS, 7.4 AI score, 0.01067 EPSS
Exploits 0, References 6
OSV
added 2024/06/22 6:30 a.m., 13 views

GHSA-QX44-885H-7P56 Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

4.2 CVSS, 4.8 AI score, 0.00305 EPSS
Exploits 1, References 4
OSV
added 2024/06/22 5:15 a.m., 10 views

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

4.7 CVSS, 6.3 AI score
Exploits 0, References 2
RedHat Linux
added 2024/06/20 5:29 p.m., 4 views

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

8.6 CVSS, 7.3 AI score, 0.02069 EPSS
Exploits 0, References 6
RedHat Linux
added 2024/06/20 10:36 a.m., 1 views

Mozilla: Use-after-free in networking

The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable crash...

7.5 CVSS, 7.4 AI score, 0.01067 EPSS
Exploits 0, References 6
RedHat Linux
added 2024/06/20 8:23 a.m., 3 views

Mozilla: Use-after-free in networking

The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable crash...

7.5 CVSS, 7.4 AI score, 0.01067 EPSS
Exploits 0, References 6
RedHat Linux
added 2024/06/20 8:23 a.m., 3 views

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

8.6 CVSS, 7.3 AI score, 0.02069 EPSS
Exploits 0, References 6