4292 matches found
Zscaler Client Connector Security Vulnerability
Zscaler Client Connector is an application from Zscaler. It is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and comply with the organization's policies, even when not on the corporate network. A security...
Zscaler Client Connector Security Vulnerability
Zscaler Client Connector is an application from zscaler. An application that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...
CVE-2024-33396
CVE-2024-33396 affects karmada-io karmada up to v1.9.0. The issue allows a local attacker to execute arbitrary code by sending a crafted command to obtain the token component, enabling local privilege escalation. Affected versions are 1.9.0 and earlier; impact is local code execution with high se...
PT-2024-24534 · Carina · Carina
Name of the Vulnerable Software and Affected Versions: Carina versions 0.13.0 and earlier Description: An RBAC authorization risk allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster...
PT-2024-19884 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on MacOS versions prior to 3.4 Description: An issue with improper validation of integrity check values in the upgrade process may allow local execution of code. This issue is related to the Zscaler Client Connector o...
PT-2024-13023 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.1.0.62 Description: An Improper Validation of Integrity Check Value issue in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code...
PT-2024-25230 · Karmada · Karmada
Name of the Vulnerable Software and Affected Versions: karmada versions 1.9.0 and earlier Description: The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This is related to token handling and can be exploited for local privilege escalatio...
CVE-2024-24912
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system...
PT-2024-21410 · Unknown · Wifire Hotspot
Name of the Vulnerable Software and Affected Versions: Wifire Hotspot version 4.5.3 Description: An issue in Wifire Hotspot allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. Recommendations: For Wifire Hotspot version 4.5.3, consider restricting access ...
DEBIAN-CVE-2023-51794
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69...
UBUNTU-CVE-2023-51794
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69...
PT-2024-6490
Name of the Vulnerable Software and Affected Versions: Ffmpeg version N113007-g8d24a28d06 Description: The issue is related to a buffer overflow vulnerability in the libavfilter/af_stereowiden.c file of the FFmpeg library. This vulnerability can be exploited by a local attacker to execute arbitrary...
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...
PT-2024-24509 · Shenzhen Libituo Technology Co. · Lbt-T300-T400
Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 version 3.2 Description: A Buffer Overflow issue allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in the rc program. This enabl...
PT-2024-22953 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code by sending a crafted payload to the "stepselect_main.php" component. Recommendations: For DedeCMS version 5.7, at the moment, ther...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code...
CVE-2024-4031
Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code...
SUSE CVE-2023-49501
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component...
SUSE CVE-2023-51795
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame...
SUSE CVE-2023-51797
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame...