Dell PowerScale OneFS Symbolic Link Vulnerability

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a symbolic link vulnerability, which can be exploited by a local, highly-privileged attacker to cause a denial of service,...

UBUNTU-CVE-2024-3024

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

CVE-2024-3024 appneta tcpreplay get.c get_layer4_v6 heap-based overflow

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

CVE-2024-3024

CVE-2024-3024 affects appneta tcpreplay up to version 4.4.4. The vulnerability is a heap-based buffer overflow in get_layer4_v6 in tcpreplay/src/common/get.c, exploitable via local access. Multiple connected sources confirm the issue and reference a public exploit; internal details are not provid...

CVE-2024-3024

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

CVE-2023-46047

An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the saneiconfigureattach function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file...

PT-2024-23286 · Appneta +2 · Appneta Tcpreplay +2

Name of the Vulnerable Software and Affected Versions: appneta tcpreplay versions up to 4.4.4 Description: A vulnerability was found in appneta tcpreplay, affecting the function get layer4 v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking...

CVE-2024-25958

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...

Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise

Summary There are multiple vulnerabilities in IBM Semeru Runtime used by IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

CVE-2024-2007

A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to t...

CVE-2024-22724

OSCommerce v4 is affected by CVE-2024-22724. The issue allows local attackers to bypass file upload restrictions in the administrator profile photo upload feature and execute arbitrary code. Documents consistently describe a local, credentialed path to code execution via file upload, but do not p...

CVE-2024-28562

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Imf22::copyIntoFrameBuffer component when reading images in EXR format...

CVE-2024-0162

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM...

Dell PowerEdge Server BIOS 和 Dell Precision Rack BIOS 输入验证错误漏洞

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS are both products of Dell, Inc.Dell PowerEdge Server BIOS is a system update driver from Dell.Dell Precision Rack BIOS is a Dell Precision Rack BIOS is a BIOS utility for high-performance workstation products. An input validation error...

PT-2024-2092 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the SSH client feature could allow an authenticated, local attacker to elevate privileges on an affected device. This issue is due to insufficient validatio...

CVE-2024-1302

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...

PHOENIX CONTACT CHARX SEC Input Validation Error Vulnerability

PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. An input validation error vulnerability exists in PHOENIX CONTACT CHARX SEC-3000 versions prior to v1.5.1, which stems from incorrect input validation and allows an unauthenticated local attacker to...

SourceCodester My Food Recipe Cross-Site Scripting Vulnerability

SourceCodester My Food Recipe is a recipe sharing web application. A cross-site scripting vulnerability exists in SourceCodester My Food Recipe version v.1.0, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the Recipe Name, Procedure, ingredients...

PT-2024-18231 · Santesoft · Sante Fft Imaging

Name of the Vulnerable Software and Affected Versions: Santesoft Sante FFT Imaging versions 1.4.1 and prior Description: The issue allows a local attacker to perform an out-of-bounds write, potentially enabling arbitrary code execution, when a user opens a malicious DCM file on affected...

PT-2024-20900 · Unknown · Zuoxingdong Lagom

Name of the Vulnerable Software and Affected Versions: zuoxingdong lagom version 0.1.2 Description: The issue allows a local attacker to execute arbitrary code via the pickle load function of the serialize.py file. Recommendations: For zuoxingdong lagom version 0.1.2, consider disabling the pickl...