43 matches found
Thales Sentinel LDK Runtime Stored XSS
RISK EVALUATION Thales Sentinel LDK Runtime on Windows allows Stored Cross-site Scripting. 2. RECOMMENDED PRACTICES Upgrade to version 10.22 or later. 3. DESCRIPTION Thales Sentinel LDK Runtime on Windows allows Stored Cross-site Scripting. Fixed in Sentinel LDK Runtime 10.22. 4. EXTRA INFO...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...
Directory Traversal
Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing message...
Directory Traversal
Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...
EUVD-2024-37237
Malicious code in bioql PyPI...
EUVD-2022-29423
Malicious code in bioql PyPI...
EUVD-2024-49787
Malicious code in bioql PyPI...
EUVD-2024-3267
Malicious code in bioql PyPI...
CVE-2025-3224 Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...
Failed to open the resources after the upgrading CWA for Windows to 2409
After upgrading CWA Windows to 2409, if any PNAgent stores are configured, e.g., https://url/citrix/store/pnagent/config.xml, CWA shows an error message on refresh or sign-in stating, “To resolve this issue, contact your helpdesk with this information: Error while parsing.”...
CVE-2024-21697
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...
March 12, 2024—KB5035888 (Monthly Rollup)
March 12, 2024—KB5035888 (Monthly Rollup) Reminder: As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update that enables you to upgra...
CVE-2023-45160
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...
CVE-2022-24543
Windows Upgrade Assistant Remote Code Execution Vulnerability...
Remote code execution
Windows Upgrade Assistant Remote Code Execution Vulnerability...
CVE-2022-24853 File system exposure in Metabase
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...
Windows Upgrade Assistant Remote Code Execution Vulnerability
...
Microsoft Windows Input Validation Error Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Upgrade Assistant. The vulnerability stems from improper handling of input data and can be exploited by an attacker to...