2029 matches found
CVE-2024-21134
...
The vulnerability of the veth component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the veth component in the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-29213
CVE-2024-29213 affects Ivanti Desktop and Server Management (Ivanti DSM) and leverages an insecure ACL to allow an authenticated local user to execute code with elevated privileges. The advisory and multiple feeds confirm the vulnerability exists in DSM versions prior to 2024.2, with a CVSS v3 ba...
CVE-2024-29821
Ivanti DSM version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector...
CVE-2024-29821
CVE-2024-29821 affects Ivanti Desktop and Server Management (DSM) prior to 2024.2. The vulnerability allows authenticated local users to execute code with elevated privileges due to insecure ACLs, via an unspecified attack vector. Public sources confirm impact is a local privilege escalation with...
PT-2024-38333 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.986 Description: The issue allows authenticated attackers with subscriber-level access and above to extract data from password protected posts vi...
CVE-2024-38190
CVE-2024-38190 concerns a missing authorization vulnerability in Microsoft Power Platform (and associated components like Dataverse) that allows an unauthenticated attacker to view sensitive information over a network vector. The provided metrics assign a CVSS3.1 base score of 8.6 (HIGH) with net...
Power Platform Information Disclosure Vulnerability
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...
PT-2024-31653 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.15.1.0 through 4.18.2.3 Apache CloudStack versions 4.19.0.0 through 4.19.1.1 Description: The logout operation in the CloudStack web interface does not expire the user session completely, which remains valid until...
Oracle MySQL 安全漏洞
Oracle MySQL is an open source relational database management system from Oracle Corporation.MySQL Connectors is one of the drivers for connecting applications that use MySQL. A security vulnerability exists in MySQL Connectors for Oracle MySQL, which can be exploited by an attacker to update,...
Information Exposure
github.com/opentofu/opentofu is vulnerable to Information Exposure. The vulnerability is due to the static evaluation of module sources, versions and backend configurations. An attacker can expose sensitive variables and locals...
CVE-2024-43610
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...
CVE-2024-43610
CVE-2024-43610 concerns an information disclosure in Microsoft Copilot Studio. The connected PT-2024-7988 entry identifies Copilot Studio as the affected software and states that the vulnerability involves exposure of sensitive information to unauthorized actors via a network attack vector, explo...
CVE-2024-43488
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...
CVE-2024-43488
CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...
Copilot Studio Information Disclosure Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details Cross-site scripting...
OESA-2024-2188 uboot-tools security update
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound t...
pcp: pmcd heap corruption through metric pmstore operations
A vulnerability was found in Performance Co-Pilot PCP. This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...