IrfanView Out-of-Bounds Read Vulnerability (CNVD-2024-47207)
IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current proces...
ALSA-2024:10219 Moderate: perl-App-cpanminus:1.7044 security update
cpanminus is a script to get, unpack, build and install modules from CPAN. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability CVE-2024-45321 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files...
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files...
IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files...
PT-2024-16235 · Google · Car App Android Jetpack Library
Name of the Vulnerable Software and Affected Versions: Car App Android Jetpack Library versions prior to 1.7.0-beta02 Description: The issue is related to a code execution vulnerability in the Car App Android Jetpack Library. Specifically, the CarAppService uses deserialization logic that allows...
CVE-2018-9341
creationtimestamp | type | source
---|---|---
2024-11-19 21:00:54+00:00 | seen | https://t.me/cvedetector/11507...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2024-45318)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Siemens TeleControl Server
SUMMARY TeleControl Server Basic V3.1 contains a deserialization vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the device. Siemens has released new versions for the affected products and recommends updating to the latest versions. 2. GENERAL...
Arbitrary Code Execution
org.openrefine, database is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper configuration in the database extension of OpenRefine, specifically the enableloadextension property that permits loading local or remote extension DLLs...
CVE-2024-48423
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library...
CVE-2024-48423
The provided connected documents confirm CVE-2024-48423 affects the Assimp library (v5.4.3) and enables local arbitrary code execution via CallbackToLogRedirector. OpenSUSE/SUSE advisories and OSV entries indicate patches/fixes have been released in multiple Linux distributions (e.g., openSUSE-SU...
MariaDB Remote Code Execution Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A remote code execution vulnerability exists in MariaDB version 10.5, and no detailed vulnerability details are currently available...
Apache Lucene Deserialization Vulnerability
Apache Lucene is a free open source search engine software library from the Apache Foundation in the United States. Apache Lucene suffers from a deserialization vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by a...
D-Link DIR-619L Buffer Overflow Vulnerability (CNVD-2024-40838)
The D-Link DIR-619L is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in D-Link DIR-619L version B12.06, which can be exploited by an attacker to execute arbitrary code on the system or cause a denial of service...
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2024-9812
Summary (CVE-2024-9812) A SQL injection flaw exists in code-projects Crud Operation System 1.0, affecting the delete.php file via manipulation of the “sid” parameter. The issue is exploitable remotely and can impact confidentiality, integrity, and availability as described in multiple sources. Th...
CVE-2024-38229 .NET and Visual Studio Remote Code Execution Vulnerability
...
PT-2024-31895 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RuoYi versions 4.7.9 and earlier Description: The issue allows escaping from comments within the code generation feature, enabling the injection of malicious code. This flaw can be exploited to inject malicious code into the system...
Code Injection
MindsDB is vulnerable to Code Injection. The vulnerability is due to the unsafe use of the eval function, which directly executes input Python code without proper validation. It allows attackers to inject and execute arbitrary code via the 'SELECT WHERE' clause...