CVE-2024-6062 GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swfsvgaddisosample of the file src/filters/loadtext.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...

CVE-2024-6062 GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swfsvgaddisosample of the file src/filters/loadtext.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...

CVE-2024-5684

CVE-2024-5684 affects Volkswagen Group ID Charger Connect & Pro. A faulty JWT-library implementation can allow a local/adjacent attacker to bypass password authentication on the web configuration interface and gain full user access. If the library accepts a "+none" algorithm, the JWT may be insec...

kernel: net/sched: act_ct: fix skb leak and crash on ooo frags

A memory leak flaw and potential kernel crash were found in the Linux kernel’s Conntrack module. This issue occurs when Conntrack is being used by a local user for a specific configuration, and both fragmented packets are received remotely and out of order. This flaw allows a local or remote user...

CVE-2024-32021

...

CVE-2024-2746

CVE-2024-2746 is an incomplete fix for CVE-2024-1929 affecting dnf5/libdnf5 where the D-Bus interface accepts untrusted configuration overrides, enabling local root control by loading user-supplied plugins or manipulating privileged files. Public reports describe potential DoS via large/blocked f...

CVE-2024-23704

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOWADDWIFICONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-49675

CODESYS Development System : Affected versions prior to V2.3.9.73 contain an out-of-bounds write triggered when a user opens a corrupted project file, enabling an unauthenticated local attacker to execute arbitrary code or crash the system. Documents consistently describe this as a local, user-in...

CVE-2024-34062

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

CVE-2024-34062 tqdm CLI arguments injection attack

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

CVE-2023-32155

Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this...

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

CVE-2023-27325

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...

CVE-2023-27323

Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target hos...

PT-2024-25539

Name of the Vulnerable Software and Affected Versions Hyprland versions through 0.39.1 Description A local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file through a race condition in plugins/HookSystem.cpp. This issue allows for the execution of...

CVE-2023-51796

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/freverse.c:269:26 in areverserequestframe...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofing Accessing...

CVE-2024-29738

In govinit, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-315318821

In tmusettrthresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Dell Security Management Server <1.9.0 - Local Privilege Escalation Exploit

Exploit Title: title Dell Security Management Server versions prior to 11.9.0 Exploit Author: author Amirhossein Bahramizadeh CVE : if applicable CVE-2023-32479 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege...