CVE-2024-4176
A cross-site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to th...
CVE-2024-4176
CVE-2024-4176 affects Trellix XDR XConsole. The issue is a cross-site scripting vulnerability in XConsole prior to this release, enabling an attacker to leverage XSS/HTML injection via command line variables to craft malicious links that could affect the end user’s browser. Documents consistently...
(0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue result...
PT-2024-29554 · Unknown · Edr Xconsole
Name of the Vulnerable Software and Affected Versions: EDR XConsole (affected versions not specified). Description: A cross-site scripting vulnerability allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on...
Trellix XDR XConsole Cross-Site Scripting Vulnerability
Trellix XDR XConsole is an interface from Trellix USA that simplifies the Trellix XDR user experience. A cross-site scripting vulnerability exists in Trellix XDR XConsole, which stems from the presence of a cross-site scripting vulnerability that could allow an attacker to perform HTML injection...
CVE-2024-27805
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data...
CVE-2024-27805
An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data...
CVE-2024-27805
CVE-2024-27805 describes an issue where improved validation of environment variables prevents an app from accessing sensitive user data. Affected Apple platforms include macOS Ventura 13.6.7, macOS Monterey 12.7.5, macOS Sonoma 14.5, iOS 16.7.8 / 16.7.8, iPadOS 16.7.8 / 17.5, iOS 17.5, watchOS 10...
CVE-2024-35306
CVE-2024-35306 describes an OS command injection in Pandora FMS’ Ajax PHP files via HTTP requests, affecting Pandora FMS versions 700–776 (up to but not including 777). Root cause is insufficient sanitization of input variables, enabling an attacker to execute system commands. Impact is potential...
Pandora Security Breach
Pandora is an analytics framework for discovering if a file is suspicious and displaying the results conveniently. A security vulnerability exists in Pandora FMS versions 700 through prior to 777 that stems from the presence of operating system command injection, which allows the execution of...
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
The default error handling view script generated using Zend_Tool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. Zend_Tool_Project_Context_Zf_ViewScriptFile was patched such that the view script template now calls the...
Fedora: Security Advisory for rust-uu_env (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
CVE-2024-4881
CVE-2024-4881 is a path traversal vulnerability in the parisneo/lollms application. Multiple connected documents confirm the issue affects version 9.4.0 and potentially earlier builds, arising from inadequate sanitization of file paths containing backslashes across Windows/Linux contexts, enablin...
CVE-2024-3104
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of...
CVE-2024-3104 Remote Code Execution in mintplex-labs/anything-llm
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of...
CVE-2024-3104
CVE-2024-3104 affects mintplex-labs/anything-llm. The vulnerability arises from improper handling of environment variables, enabling remote code execution via POST /api/system/update-env. Affected versions are prior to 1.0.0; fix is in 1.0.0. Documented impact includes code execution on the host,...