7486 matches found
GO-2024-2941 ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik
The vulnerability of the DefaultAzureCredential and ManagedIdentityCredential components of the Azure Identity Libraries and Microsoft Authentication Library allows a perpetrator to escalate their privileges.
The vulnerability in the DefaultAzureCredential and ManagedIdentityCredential components of the Azure Identity Libraries and Microsoft Authentication Library is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attacke...
MAL-2024-1958 Malicious code in cc-libraries-js (npm)
CVE-2024-23144
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the...
CVE-2024-23140
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atfapi.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
FreeBSD : traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability (82830965-3073-11ef-a17d-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82830965-3073-11ef-a17d-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft...
CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...
androidx.room:room-compiler-processing-testing (>=2.3.0 <=2.4.0-alpha04), au.com.dius.pact.provider:gradle (>=4.1.21 <=4.3.0-beta.6) +2878 more potentially affected by CVE-2021-47621 via io.github.classgraph:classgraph (>=4.0.3 <=4.8.110)
io.github.classgraph:classgraph MAVEN version =4.0.3, =2.3.0, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =1.2.5.RELEASE, =1.2.5.RELEASE, =1.3.5.RELEASE, =1.3.7.RELEASE and more Source cves: CVE-2021-47621 Source advisory:...
CVE-2024-36071
Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...
GHSA-RVJ4-Q8Q5-8GRF ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Impact: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References: CVE-2024-35255. Patches: https://github.com/traefik/traefik/releases/tag/v2.11.5, https://github.com/traefik/traefik/releases/tag/v3.0.3. Workarounds...
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary: Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details...
ghostscript: OPVP device arbitrary code execution via custom Driver library
A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...
SAMSUNG Magician PC Software Security Vulnerability
SAMSUNG Magician PC Software is an application from the South Korean company Samsung, designed to help manage Samsung SSDs. A security vulnerability exists in SAMSUNG Magician PC Software version 8.0.0. An attacker could exploit the vulnerability to elevate privileges by tampering with...
Adobe Creative Cloud Desktop Application Uncontrolled Search Path Element Vulnerability
Adobe Creative Cloud Desktop Application is a suite of applications for managing applications and services in the Creative Cloud Membership Management Center from Adobe USA. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...
PT-2024-27810 · Nextcloud · Nextcloud Desktop Client
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.12.0. Description: A code injection issue in the Nextcloud Desktop Client for macOS allows arbitrary code to be loaded when the client is started with the DYLD_INSERT_LIBRARIES environment variable...
CVE-2024-34116
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete...
CVE-2024-34116 Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abused for Privilege Escalation
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete...
Adobe Creative Cloud Desktop Application Code Issue Vulnerability
Adobe Creative Cloud Desktop Application is a suite of applications for managing applications and services in the Creative Cloud Membership Management Center from Adobe USA. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...