158 matches found
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
CVE-2024-45712
CVE-2024-45712 affects SolarWinds Serv-U. The vulnerability is a client-side cross-site scripting (XSS) issue that can be exploited only by an authenticated user from the local browser session. The documented risk is described as very low. Affected guidance indicates versions prior to 15.5.1 are ...
SA-2024-07-12-CVE-2024-29213
SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-29213 CVE Reserved | 7.8...
CVE-2024-48061
langflow =1.0.18 is vulnerable to Remote Code Execution RCE as any component provided the code functionality and the components run on the local machine rather than in a sandbox...
CVE-2024-48061
Langflow
CVE-2024-48061
langflow =1.0.18 is vulnerable to Remote Code Execution RCE as any component provided the code functionality and the components run on the local machine rather than in a sandbox...
CVE-2024-29821
Ivanti DSM version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector...
CVE-2024-29213
CVE-2024-29213 affects Ivanti Desktop and Server Management (Ivanti DSM) and leverages an insecure ACL to allow an authenticated local user to execute code with elevated privileges. The advisory and multiple feeds confirm the vulnerability exists in DSM versions prior to 2024.2, with a CVSS v3 ba...
Malicious code in ws-api-typescript-websocket-hooks (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...
MAL-2024-9261 Malicious code in ws-api-typescript-websocket-hooks (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...
MAL-2024-9221 Malicious code in descriptiongenerator-typescript-runtime (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01ce8c140437db152bce12a94652fc2dbd5af9a9a2792e41ed7cdea5fe8b02c7 Any computer that has this package installed or running...
CVE-2024-31201
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...
CVE-2024-31201
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...
Ivanti Endpoint Manager < 2022 (CVE-2024-22058)
The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. - A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...
SUSE CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could r...
PT-2024-19174 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions 2021.1 and older Description: A buffer overflow issue allows a low-privilege user on the local machine with the EPM Agent installed to execute arbitrary code with elevated permissions. Recommendations: For Ivanti EPM...
Traceroute 2.1.2 Privilege Escalation Vulnerability
In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...
CVE-2023-39912
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...
CVE-2022-46782
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine...