7822 matches found
GHSA-6MGP-V5CM-GHG5 Drupal core Remote Code Execution
In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail, which could lead to remote code execution...
PT-2024-5067 · Owlet +3 · Owlet Cam V1 +4
Name of the Vulnerable Software and Affected Versions: ThroughTek Kalay SDK versions used in Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE. Description: The issue is related to the use of uninitialized variables in the Kalay SDK, which can be exploited by a remote attacker to...
PT-2024-9394
Name of the Vulnerable Software and Affected Versions: OpenSC (affected versions not specified); OpenSC tools (affected versions not specified); PKCS11 module (affected versions not specified); minidriver (affected versions not specified); CTK (affected versions not specified). Description: An issue exists in...
DEBIAN-CVE-2024-29894
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250...
CVE-2024-29894
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250...
UBUNTU-CVE-2024-29894
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250...
CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250...
RHEL 5 : ksh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection...
CVE-2024-34347
@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside th...
Rocky Linux 8 : nodejs:20 (RLSA-2024:1687)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1687 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For exampl...
CVE-2023-27325
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
CVE-2023-27324
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
CVE-2023-27322
Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
CVE-2023-27325 Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
CVE-2023-27325
The CVE-2023-27325 issue affects Parallels Desktop and specifically the Updater service. The root cause is improper initialization of environment variables, which allows a local attacker with low-privilege code execution to escalate to root privileges and run arbitrary code. Public documentation ...