
31246 matches found

Positive Technologies
added 2024/10/23 12:0 a.m. · 6 views

PT-2024-32880 · Intermesh · Intermesh 7177 Hybrid 2.0 Subscriber +1

Name of the Vulnerable Software and Affected Versions: InterMesh 7177 Hybrid 2.0 Subscriber versions prior to 8.2.12; InterMesh 7707 Fire Subscriber versions prior to 7.2.12. Description: A vulnerability has been identified that could allow an authenticated local attacker to execute arbitrary...

8.5 CVSS · 7.5 AI score · 0.00195 EPSS
Exploits: 0 · References: 5
OpenVAS
added 2024/10/22 12:0 a.m. · 11 views

Ubuntu: Security Advisory (USN-7062-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4 CVSS · 7.1 AI score · 0.00457 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/10/21 8:6 p.m. · 24 views

CVE-2022-49006 tracing: Free buffers when a used dynamic event is removed

In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed. After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available not currently used by other events...

7.3 AI score · 0.00255 EPSS
Exploits: 0 · References: 5
OSV
added 2024/10/21 8:6 p.m. · 23 views

CVE-2022-48994 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event. With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure...

5.5 CVSS · 5.7 AI score · 0.00235 EPSS
Exploits: 0 · References: 11
OSV
added 2024/10/21 12:38 p.m. · 3 views

USN-7062-2 libgsf vulnerabilities

USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. Original advisory details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially...

8.4 CVSS · 6.1 AI score · 0.00457 EPSS
Exploits: 0 · References: 3
Ubuntu
added 2024/10/21 12:38 p.m. · 9 views

USN-7062-2: libgsf vulnerabilities

USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. Original advisory details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially...

8.4 CVSS · 6.8 AI score · 0.00457 EPSS
Exploits: 0
Tenable Nessus
added 2024/10/21 12:0 a.m. · 16 views

Adobe Illustrator < 24.0 Multiple Vulnerabilities (APSB19-36)

The version of Adobe Illustrator installed on the remote Windows host is prior to 24.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-36 advisory. - Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation...

10 CVSS · 9.5 AI score · 0.03985 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2024/10/21 12:0 a.m. · 26 views

Adobe Illustrator < 24.0 Multiple Vulnerabilities (APSB19-36) (macOS)

The version of Adobe Illustrator installed on the remote macOS host is prior to 24.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-36 advisory. - Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation...

10 CVSS · 8.8 AI score · 0.03985 EPSS
Exploits: 0 · References: 5
Github Security Blog
added 2024/10/18 6:30 a.m. · 17 views

Grafana Command Injection And Local File Inclusion Via Sql Expressions

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

9.9 CVSS · 7.5 AI score · 0.97781 EPSS
Exploits: 10 · References: 6 · Affected Software: 1
OSV
added 2024/10/18 4:15 a.m. · 12 views

CVE-2024-9264

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

8.8 CVSS · 9.6 AI score · 0.97781 EPSS
Exploits: 10 · References: 2
Tenable Nessus
added 2024/10/18 12:0 a.m. · 6 views

Autodesk Revit Installed (Windows)

Binary data autodeskrevitwininstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
Tenable Nessus
added 2024/10/18 12:0 a.m. · 35 views

Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463)

Binary data paloaltoexpeditionCVE-2024-9463.nbin...

9.9 CVSS · 8.1 AI score · 0.99597 EPSS
Exploits: 9 · References: 6
OSV
added 2024/10/17 7:15 p.m. · 3 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5 CVSS · 6.7 AI score
Exploits: 0 · References: 1
NVD
added 2024/10/17 7:15 p.m. · 21 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5 CVSS · 0.00612 EPSS
Exploits: 1 · References: 1
OSV
added 2024/10/17 7:15 p.m. · 2 views

CVE-2024-10101

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4 CVSS · 5.3 AI score
Exploits: 0 · References: 1
CVE
added 2024/10/17 6:12 p.m. · 46 views

CVE-2024-10101

CVE-2024-10101 concerns a stored XSS in binary-husky/gpt_academic v3.83, occurring at the /file endpoint which renders HTML files. Malicious HTML uploads stored on the backend can trigger payload execution in a victim’s browser when the file is accessed, potentially exposing session cookies or ot...

5.4 CVSS · 5.3 AI score · 0.00323 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/10/17 6:12 p.m. · 9 views

CVE-2024-10101 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4 CVSS · 5.1 AI score · 0.00323 EPSS
Exploits: 1 · References: 1
Cvelist
added 2024/10/17 6:12 p.m. · 11 views

CVE-2024-10101 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4 CVSS · 0.00323 EPSS
Exploits: 1 · References: 1
CVE
added 2024/10/17 6:12 p.m. · 105 views

CVE-2024-10100

CVE-2024-10100 affects binary-husky/gpt_academic v3.83. Root cause: improper handling of the file parameter allows path traversal via URL encoding. Impact: attackers could view any file on the host, including sensitive files (application files, SSH keys, API keys, configuration values). Public re...

7.5 CVSS · 6.5 AI score · 0.00612 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/10/17 6:12 p.m. · 14 views

CVE-2024-10100 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

6.5 CVSS · 6.7 AI score · 0.00612 EPSS
Exploits: 1 · References: 1