
4069 matches found

Positive Technologies
added 2024/11/13 12:0 a.m. · 5 views

PT-2024-30283 · Google · Android

Name of the Vulnerable Software and Affected Versions: Google Android versions 12 through 15 Description: The issue is related to a possible persistent denial of service due to resource exhaustion in the validate function of WifiConfigurationUtil.java. This could lead to a local denial of service...

6.2 CVSS · 6.7 AI score · 0.00096 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/11/05 12:0 a.m. · 3 views

PT-2024-32619 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.1.0 Description: The issue allows a local attacker to upgrade common permissions to root and leak sensitive information through a double free exploit. Recommendations: For OpenHarmony versions prior to 4.1.0,...

8.4 CVSS · 6.6 AI score · 0.00168 EPSS
Exploits: 0 · References: 6

Cvelist
added 2024/10/31 2:0 a.m. · 16 views

CVE-2024-10559 SourceCodester Airport Booking Management System details buffer overflow

A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function Details. The manipulation of the argument passport/name leads to buffer overflow. The attack needs to be approached locally. The exploit has been...

5.3 CVSS · 0.00389 EPSS
Exploits: 1 · References: 5

CNNVD
added 2024/10/30 12:0 a.m. · 4 views

radare2 security vulnerability

radare2 is the radare open source set of libraries and tools for working with binaries. A security vulnerability exists in radare2 versions v5.8.0 through v5.9.4, which originated from allowing a local attacker to cause a denial of service via the bfdiv function...

5.5 CVSS · 6 AI score · 0.00198 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-16226 · Unknown · Chidiwilliams Buzz

Name of the Vulnerable Software and Affected Versions: chidiwilliams buzz version 1.1.0 Description: A problematic vulnerability was found in the download model function of the buzz/model loader.py file. This issue leads to an insecure temporary file and can be exploited locally, with a high...

4.5 CVSS · 4.9 AI score · 0.00274 EPSS
Exploits: 1 · References: 7

Cvelist
added 2024/10/17 10:31 p.m. · 18 views

CVE-2024-10093 VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path

A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been...

8.5 CVSS · 0.00209 EPSS
Exploits: 0 · References: 3

CVE
added 2024/10/17 10:31 p.m. · 49 views

CVE-2024-10093

CVE-2024-10093 affects VSO ConvertXtoDvd 7.0.0.83 with a vulnerability in the avcodec.dll function inside ConvertXtoDvd.exe that enables an uncontrolled search path. The issue is locally exploitable, with disclosure of exploits/public use noted. PT-2024-16021 corroborates the affected version and...

8.5 CVSS · 7.6 AI score · 0.00209 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-16003 · Opensight +1 · Flashfxp +1

Name of the Vulnerable Software and Affected Versions: OpenSight Software FlashFXP version 5.4.0.3970 Description: A critical issue was found in the library libcrypto-1 1.dll of the file FlashFXP.exe, affecting an unknown function. This leads to uncontrolled search path manipulation. The attack...

8.5 CVSS · 6.6 AI score · 0.00197 EPSS
Exploits: 0 · References: 11

OSV
added 2024/09/16 5:44 p.m. · 8 views

MGASA-2024-0305 Updated tcpreplay package fix security vulnerability

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

7.8 CVSS · 6.6 AI score · 0.00437 EPSS
Exploits: 1 · References: 3

OSV
added 2024/09/13 5:15 p.m. · 10 views

MGASA-2024-0299 Updated python-tqdm package fixes security vulnerability

Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable...

4.8 CVSS · 5 AI score · 0.00432 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/08/28 5:46 a.m. · 29 views

CVE-2024-39584

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution...

8.2 CVSS · 7.5 AI score · 0.00203 EPSS
Exploits: 0 · References: 1

Amazon
added 2024/08/15 12:0 a.m. · 5 views

Medium: python-tqdm

Issue Overview: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version...

4.8 CVSS · 7.9 AI score · 0.00432 EPSS
Exploits: 0

NVD
added 2024/08/13 7:15 p.m. · 25 views

CVE-2024-7738

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has...

7.8 CVSS · 0.003 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2024/08/13 7:0 p.m. · 14 views

CVE-2024-7738 yzane vscode-markdown-pdf Markdown File pathname traversal

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has...

4.8 CVSS · 7 AI score · 0.003 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/08/05 12:0 a.m. · 3 views

PT-2024-38403

Name of the Vulnerable Software and Affected Versions: oFono affected versions not specified Description: This issue allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this issue. The specific flaw exists within the...

5.5 CVSS · 5.4 AI score · 0.00296 EPSS
Exploits: 0 · References: 24

OSV
added 2024/07/31 9:15 p.m. · 4 views

CVE-2024-7326

A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The...

7.8 CVSS · 5.3 AI score · 0.00327 EPSS
Exploits: 1 · References: 4

OSV
added 2024/06/17 8:15 p.m. · 3 views

DEBIAN-CVE-2024-6062

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swfsvgaddisosample of the file src/filters/loadtext.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...

5.5 CVSS · 3.4 AI score · 0.00346 EPSS
Exploits: 1 · References: 1

OSV
added 2024/06/17 8:15 p.m. · 2 views

DEBIAN-CVE-2024-6061

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffinprocess of the file src/filters/isoffinread.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the...

5.5 CVSS · 3.2 AI score · 0.00351 EPSS
Exploits: 1 · References: 1

UbuntuCve
added 2024/06/17 8:15 p.m. · 15 views

CVE-2024-6062

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swfsvgaddisosample of the file src/filters/loadtext.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...

5.5 CVSS · 4.6 AI score · 0.00346 EPSS
Exploits: 1 · References: 5

OSV
added 2024/06/17 8:15 p.m. · 1 views

UBUNTU-CVE-2024-6062

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swfsvgaddisosample of the file src/filters/loadtext.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...

5.5 CVSS · 4.5 AI score · 0.00346 EPSS
Exploits: 1 · References: 6