849 matches found
Cfx.re FXServer Security Vulnerability
Cfx.re FXServer is a platform server from Cfx.re, Inc. A security vulnerability exists in Cfx.re FXServer v9601 and prior versions, which stems from faulty access control and allows an unauthenticated user to modify and read arbitrary user data via a publicly available API endpoint...
UBUNTU-CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2024-5594
OpenVPN before 2.6.11 does not sanitize PUSHREPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...
Apache Kafka Security Vulnerability
Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. An authorization issue vulnerability exists in Apache...
kernel: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
In the Linux kernel net/sched taprio, TCA_TAPRIO_ATTR_PRIOMAP is not correctly validated if multiple calls to taprio_change occur. This can allow arbitrary data to be injected into the kernel...
PT-2024-8717 · Siemens · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V3.0 SP1 Description: A vulnerability has been identified in the affected application, which contains a database function that does not properly restrict the permissions of users to write to the filesystem of the...
CVE-2024-38422 Integer Overflow to Buffer Overflow in Audio
Memory corruption while processing voice packet with arbitrary data received from ADSP...
A vulnerability in the PaperCut MF and PaperCut NG printing control software stems from improper link resolution before file access, allowing an attacker to delete arbitrary data.
The vulnerability in the PaperCut MF and PaperCut NG printing control software is related to improper link resolution before file access. Exploiting this vulnerability could allow an attacker to delete arbitrary data...
PT-2024-6503
Name of the Vulnerable Software and Affected Versions: CUPS (affected versions not specified) Description: The issue is related to the libppd function ppdCreatePPDFromIPP2 not sanitizing IPP attributes when creating the PPD buffer. This can result in user-controlled input and ultimately code executio...
Agnaistic Security Vulnerability
Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker can exploit this vulnerability to read arbitrary JSON files at any location on the server...
PT-2024-32454 · Agnai · Agnai
Name of the Vulnerable Software and Affected Versions: Agnai versions prior to 1.0.330 Description: A vulnerability in Agnai permits attackers to read arbitrary JSON files at attacker-chosen locations on the server, leading to unauthorized access to sensitive information and exposure of...
CVE-2024-7493
The WPCOM Member plugin for WordPress (versions ≤ 1.5.2.1) is vulnerable to unauthenticated privilege escalation via User Meta. The issue arises because arbitrary data can be passed to wp_insert_user() during registration, enabling an unauthenticated attacker to set their role to Administrator du...
CVE-2024-45163
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC command and control server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username such as root, or can send arbitrary data...
CVE-2024-45163
CVE-2024-45163 concerns the Mirai botnet codebase where simultaneous TCP connections to the CNC server are mishandled, leaving unauthenticated sessions open and allowing resource consumption. Affected: Mirai botnet (through 2024-08-19) with unauthenticated sessions that can be triggered by sendin...
Xibo CMS SQL Injection Vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing an authenticated user to retrieve and modify arbitrary data from the database by injecting a specially crafted value into the sortBy...
Xibo CMS SQL Injection Vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing an authenticated user to view dataset data by injecting a specially crafted value into the API, which could allow an attacker to obtain...
PT-2024-29569 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.12; Xibo versions prior to 4.0.14 Description: A SQL injection issue was discovered in the API routes of Xibo, a content management system, specifically in the components responsible for filtering DataSets. This allo...
PT-2024-28031 · Broadcom · Symantec Privileged Access Management
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an unauthenticated attacker to read arbitrary information from the database. There is no information provided about the estimated number of potentially affected...