1386 matches found
CVE-2024-11079
CVE-2024-11079: In Ansible-Core, a bypass of unsafe-content protections via the hostvars object can lead to arbitrary code execution if templating data from remote sources or module outputs is unsafe. The description explicitly states the risk of executing templated content when hostvars is used...
CVE-2024-11079 Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...
The vulnerability of DrayTek Vigor router firmware, related to insufficiently secure data encryption, allows attackers to disclose protected information and perform a “Man-in-the-Middle” attack.
The vulnerability of DrayTek Vigor router firmware is related to insufficiently robust data encryption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information and carry out a Man-in-the-Middle (MITM) attack...
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, relates to deficiencies in access control. This vulnerability allows a malicious actor to delete data from the KV Store (Key Value Store).
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in access control to the KV Store (Key Value Store). Exploiting this vulnerability could...
JDK: Array indexing integer overflow (8328544)
Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
JDK: Integer conversion error leads to incorrect range check (8332644)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...
DEBIAN-CVE-2024-21210
Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
PT-2024-7007 · Oracle · Oracle Product Hub +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Item Catalog component of Oracle Product Hub, which can be exploited by a low-privileged attacker with network access via HTTP...
PCS Engineering com.prestoncinema.app security vulnerability
PCS Engineering com.prestoncinema.app is a driver from PCS Engineering. A security vulnerability exists in PCS Engineering com.prestoncinema.app version 0.2.0. A remote attacker could exploit the vulnerability to obtain sensitive information through the firmware update process...
INATRONIC com.inatronic.bmw security vulnerability
INATRONIC com.inatronic.bmw is a driver from INATRONIC. A security vulnerability exists in INATRONIC com.inatronic.bmw version 2.7.1. A remote attacker could exploit the vulnerability to obtain sensitive information through the firmware update process...
Creative com.creative.apps.xficonnect security vulnerability
Creative com.creative.apps.xficonnect is a driver from Creative. A security vulnerability exists in Creative com.creative.apps.xficonnect version 2.00.02. A remote attacker could exploit this vulnerability to obtain sensitive information through the firmware update process...
CVE-2024-9574
SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
SOPlanning security vulnerability
SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.45, which stems from vulnerability to SQL injection attacks that allow a remote user to send a specially crafted query and extract all information...
The vulnerability of Microsoft Edge and Google Chrome browsers, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the web page rendering module in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the web page rendering module in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to information leaks through process environments, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to information leaks through the process environment. Exploiting these vulnerabilities can allow attackers operating remotely...
The vulnerability in implementations of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba network communication software package, related to repeated memory release, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerabilities of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba networking software package are related to repeated memory release. Exploiting these vulnerabilities can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...