1262 matches found
CVE-2024-46902
A vulnerability in Trend Micro Deep Discovery Inspector DDI versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code admin user rights on the target system in ord...
CVE-2024-48903
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
CVE-2024-46903
A vulnerability in Trend Micro Deep Discovery Inspector DDI versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
CVE-2024-46902
A vulnerability in Trend Micro Deep Discovery Inspector DDI versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code admin user rights on the target system in ord...
CVE-2024-46902
Affected product: Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above. The issue is described as a SQL injection vulnerability in the web service that can lead to disclosure of sensitive information in affected installations. Exploitation details in the public docs indicate that aut...
CVE-2024-39753
An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2024-39753
CVE-2024-39753 involves a modOSCE SQL Injection in Trend Micro Apex One (and Apex One as a Service) that can lead to remote code execution. Affected component is the client management functionality; the vulnerability arises from unsafely built SQL queries using untrusted input. Exploitation requi...
Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2024 Release 1, which originates from allowing out-of-bounds write...
PaperCut NG pc-web-print Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
FreeBSD : OpenSSH -- Pre-authentication async signal safety issue (58750d49-7302-11ef-8c95-195d300202b3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 58750d49-7302-11ef-8c95-195d300202b3 advisory. The FreeBSD Project reports: A signal handler in sshd8 may call a logging function that is not async-...
Linux Kernel vmwgfx Driver Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...
CVE-2024-6141
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
CVE-2024-6141
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
CVE-2024-33657
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks...
CVE-2024-5929 VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged cod...
CVE-2024-6141
The CVE-2024-6141 issue is a local privilege escalation in Windscribe due to directory traversal in the Windscribe Service. The root cause is failure to validate a user-supplied path before file operations, enabling an attacker who can run low-privileged code to escalate to SYSTEM and execute arb...
PT-2024-25417 · Aptiov · Aptiov
Name of the Vulnerable Software and Affected Versions: AptioV affected versions not specified Description: This issue affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to...
SUSE CVE-2024-7589
A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's privileged code, which is not sandbox...