192 matches found
IrfanView Out-of-Bounds Read Vulnerability (CNVD-2024-47204)
IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current proces...
PT-2024-10174 · Iptraf-Ng +3 · Iptraf-Ng +3
Name of the Vulnerable Software and Affected Versions: iptraf-ng version 1.2.1 Description: The issue is related to a stack-based buffer overflow in the iptraf-ng utility, which can be exploited by a remote attacker to execute arbitrary code. This occurs due to the strcpy function in src/ifaces.c...
PT-2024-7609 · Qurouter · Qurouter
Name of the Vulnerable Software and Affected Versions: QuRouter versions prior to 2.4.5.032 Description: A SQL injection vulnerability has been reported to affect QuRouter, allowing remote attackers to inject malicious code if exploited. The vulnerability is related to errors in processing input...
Fortinet FortiManager Access Control Error Vulnerability (CNVD-2025-00408)
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...
EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2756)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not...
KLA74034 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Web Authenticatio...
KLA73521 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in V8 ca...
CVE-2023-46870
extcap/nrfsnifferble.py, extcap/nrfsnifferble.sh, extcap/SnifferAPI/.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts...
MGASA-2024-0154 Updated libarchive packages fix security vulnerability
Remote Code Execution Vulnerability. CVE-2024-26256...
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface, obtain sensitive information, perform cross-site scripting attack. Below is a...
D-Link DIR-845L Code Execution Vulnerability
The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A code execution vulnerability exists in D-Link DIR-845L v1.01KRb03 and earlier versions, which stems from the soapcgimain function failing to correctly filter the special elements of the constructor snippet in the cgibin binary...
CVE-2024-25713
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the poolfree function lacks loop checks. poolfree is part of the pool series allocator, along with poolmalloc and poolrealloc...
CVE-2023-36778 Microsoft Exchange Server Remote Code Execution Vulnerability
...
CVE-2023-38208 Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated...
PT-2023-36422 · Gnu +2 · Linux +2
A vulnerability in the drm mode setcrtc function of the drivers/gpu/drm/drm crtc.c module of the DRM driver in the Linux kernel is related to access to uninitialized dynamic memory. Exploitation of the vulnerability may allow an attacker to affect the integrity and availability of information and to execute...
CVE-2023-26360 Adobe ColdFusion Improper Access Control Arbitrary code execution
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2022-41326
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application...
Use-After-Free
connman is vulnerable to use-after-free. A WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to an application crash or code execution...
Mozilla Firefox ESR Security Advisory (MFSA2022-30) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities.
CVE-2022-24783 Sandbox bypass leading to arbitrary code execution in Deno
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 inclusive are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This...