704 matches found
CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...
WatchGuard Multiple Products Security Vulnerability
WatchGuard EPDR and others are products of WatchGuard USA. WatchGuard EPDR is an application. WatchGuard Panda AD360 is an advanced cybersecurity solution that integrates EPP, EDR and machine learning technologies. WatchGuard Panda Dome is an antivirus program. A security vulnerability exists in...
CVE-2024-44258
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
ClamAV < 0.103.12, 1.0.0 < 1.0.7, 1.1.0 < 1.3.2, 1.4.0 < 1.4.1 System File Corruption
The ClamAV reported version is < 0.103.12, 1.0.x < 1.0.7, 1.1.0 < 1.3.2, or 1.4.0 < 1.4.1. It is, therefore, affected by a vulnerability in the ClamD service module, where an attacker could corrupt a critical system file by appending ClamD log messages after restart. Note that Nessus has not tested for...
CVE-2022-25777
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability...
UBUNTU-CVE-2024-46715
In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access. Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a...
CVE-2024-8752 WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system...
TopQuadrant TopBraid EDG Insecure External Password Storage and XXE Vulnerabilities
RISK EVALUATION TopQuadrant TopBraid EDG stores credentials for external services insecurely and processes untrusted XML entities. An authenticated attacker could obtain credentials for remote services, read local files, or access URLs. 2. RECOMMENDED PRACTICES Upgrade to TopQuadrant TopBraid...
PT-2024-6177 · Unknown +4 · Clam Antivirus +4
Name of the Vulnerable Software and Affected Versions: Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions. Description: The vulnerability is due to allowing th...
clamav -- Multiple vulnerabilities
The ClamAV project reports: CVE-2024-20505: A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could...
CVE-2024-7917
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...
kernel: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata completes in dp_altmode_probe. This...
kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
No description is available for this CVE...
Error “The system cannot find the specified file. Error number 0xE0000002” Occurs When Merging vDisk Versions Fails
Merging vDisk versions fails and displays the following error: "The system cannot find the specified file. Error number 0xE0000002." Running mcli run mergedisk -p disklocatorid base=1 displays success on execution; however, the merged disk does not come up on console or store. Management Daemon logs...
USN-6895-1: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the HugeTLB file syst...
UBUNTU-CVE-2024-39484
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin. Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound e.g. using sysfs or...
CVE-2024-37902 Path traversal in DeepJavaLibrary
DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...
GHSA-6RQ9-53C3-F7VJ onnx allows Arbitrary File Overwrite in download_model_with_test_data
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, versions before 1.16.2, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
Easyadmin Cross-Site Scripting Vulnerability
Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting vulnerability exists in Easyadmin 20240324 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in the parameter file of file /sys/file/upload...
PT-2024-25159 · Asus · Asus Atszio Driver
Name of the Vulnerable Software and Affected Versions: ASUS ATSZIO Driver version 0.2.1.7 Description: An issue in the component ATSZIO64.sys of the ASUS ATSZIO Driver allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For versi...