CVE-2024-7400 Local privilege escalation in ESET products for Windows

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so...

CVE-2024-6141

Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-6141

Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-7602

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...

CVE-2024-7600

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...

CVE-2024-6141 Windscribe Directory Traversal Local Privilege Escalation Vulnerability

Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-6141

The CVE-2024-6141 issue is a local privilege escalation in Windscribe due to directory traversal in the Windscribe Service. The root cause is failure to validate a user-supplied path before file operations, enabling an attacker who can run low-privileged code to escalate to SYSTEM and execute arb...

CVE-2024-7602 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...

CVE-2024-7602

Logsign Unified SecOps Platform contains a Directory Traversal Information Disclosure vulnerability in its HTTP API service (listening on port 443 by default). The flaw arises from insufficient validation of a user-supplied path used in file operations, allowing an attacker to disclose sensitive ...

CVE-2024-7601 Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability

Logsign Unified SecOps Platform Directory dataexportdeleteall Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerabilit...

CVE-2024-7601

CVE-2024-7601 affects Logsign Unified SecOps Platform. The vulnerability resides in the HTTP API service (default port 443) where lack of proper validation of a user-supplied path enables a traversal that can delete arbitrary files in the root context. Exploitation requires authentication, and th...

CVE-2024-7600 Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...

kernel: NFSD: Fix ia_size underflow

A vulnerability was found in the Linux kernel's NFSD, where an underflow in the iasize field can occur due to incorrect handling of file size types. When an NFS client sends a file size greater than the maximum value the system can handle, it can lead to an underflow in the iasize variable, causi...

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The...

CVE-2024-7564

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...

CVE-2024-7564 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...

SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll...

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the getresponsejsonresult endpoint. The issue results from the lack ...

CVE-2024-41014

The CVE CVE-2024-41014 affects the Linux kernel (xfs) and is caused by insufficient bounds checking in xlog_recover_process_data, specifically verifying the space for fixed members of xlog_op_header. A crafted XFS image can trigger an out-of-bounds read by altering the xlog_op_header and xlog_rec...

CVE-2024-41014

In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlogrecoverprocessdata There is a lack of verification of the space occupied by fixed members of xlogopheader in the xlogrecoverprocessdata. We can create a crafted image to trigger an out of bounds re...