30 matches found
Avid NEXIS Agent - Arbitrary File Read
Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...
EUVD-2024-23563
Malicious code in bioql PyPI...
EUVD-2024-23564
Malicious code in bioql PyPI...
EUVD-2024-23561
Malicious code in bioql PyPI...
EUVD-2024-23562
Malicious code in bioql PyPI...
CVE-2024-26293
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...
CVE-2024-26292
An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance SDA+: before 2025.5.1...
CVE-2024-26291
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...
CVE-2024-26293
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...
CVE-2024-26293 Unauthenticated Path Traversal affecting Avid NEXIS
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...
CVE-2024-26293 Unauthenticated Path Traversal affecting Avid NEXIS
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...
CVE-2024-26293
CVE-2024-26293 affects Avid NEXIS products via a vulnerable gSOAP v2.8 instance, enabling Unauthenticated Path Traversal. Impacted are Avid NEXIS E-series, F-series, PRO+ and System Director Appliance (SDA+) versions prior to 2025.5.1. Descriptions across NVD/Red Hat/CVELIST and related sources c...
CVE-2024-26292
An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance SDA+: before 2025.5.1...
CVE-2024-26291
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...
CVE-2024-26292
CVE-2024-26292 is an authenticated Arbitrary File Deletion vulnerability affecting Avid NEXIS E-series, F-series, NEXIS PRO+, and System Director Appliance (SDA+) prior to 2025.5.1. Connected PT-Security details confirm the flaw allows an authenticated attacker operating with elevated privileges ...
CVE-2024-26292 Authenticated Arbitrary File Deletion affecting Avid NEXIS
An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance SDA+: before 2025.5.1...
CVE-2024-26292 Authenticated Arbitrary File Deletion affecting Avid NEXIS
An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance SDA+: before 2025.5.1...
CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...
CVE-2024-26291
CVE-2024-26291 corresponds to an unauthenticated arbitrary file read in the Avid NEXIS Agent when a user supplies a filename parameter that does not validate the path, allowing reading arbitrary files because the Agent runs with root/NT AUTHORITY SYSTEM privileges. Multiple sources (Red Hat advis...
CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...