Code execution vulnerability in multiple Mozilla products (CNVD-2025-00862)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...
Fuji Electric Monitouch V-SFT X1 File Parsing Out-of-Bounds Write Code Execution Vulnerability
Fuji Electric Monitouch V-SFT is a configuration software for Human Machine Interfaces (HMI) from Fuji Electric. It supports a variety of features including customizable home screen, PDF document viewer, video player, alarm messages, 10 pop-up windows, and more. An out-of-bounds write code executio...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
IrfanView Code Execution Vulnerability (CNVD-2024-48747)
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView suffers from a code execution vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current process...
H3C GR-1800AX Code Execution Vulnerability
The H3C GR-1800AX is an enterprise-class wireless router from China's Xinhua San H3C. The H3C GR-1800AX suffers from a code execution vulnerability that stems from the presence of a remote code execution (RCE) vulnerability. No detailed vulnerability details are available at this time...
Moderate: Red Hat Security Advisory: perl-App-cpanminus:1.7044 security update
An update for the perl-App-cpanminus:1.7044 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
Moderate: Red Hat Security Advisory: perl-App-cpanminus security update
An update for perl-App-cpanminus is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALSA-2024:10218 Moderate: perl-App-cpanminus security update
Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution...
CVE-2024-9737
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in th...
CVE-2024-11533
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-9742
CVE-2024-9742 concerns Tungsten Automation Power PDF and is rooted in a PSD file parsing flaw. The issue arises from insufficient validation of the length of user-supplied data before copying it into a fixed-length heap-based buffer, causing a heap-based buffer overflow. This leads to remote code...
CVE-2024-11530 IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...
JetBrains WebStorm < 2024.3 Code Execution
The version of JetBrains WebStorm installed on the remote host is prior to 2024.3. It is, therefore, affected by a code execution vulnerability as referenced in the vendor advisory. Code Execution can occur in Untrusted Project mode via specifically constructed type definitions in the installer...
CVE-2024-10382
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary Java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to...
CVE-2024-10382 Arbitrary Code execution in Car App Android Jetpack Library
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary Java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to...
PT-2024-8646
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.1.1; iOS versions prior to 17.7.2 and 18.1.1; iPadOS versions prior to 17.7.2 and 18.1.1; macOS Sequoia versions prior to 15.1.1; visionOS versions prior to 2.1.1. Description: The issue was addressed with improved checks...
CVE-2024-10728 PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'installrequiredplugincallback' function in all versions up to, and including, 4.1.16. This makes it possible...
D-Link DIR-820L Code Execution Vulnerability
The D-Link DIR-820L is a dual-band wireless router from China's AUO D-Link. The D-Link DIR-820L suffers from a code execution vulnerability that stems from the pingaddr parameter in the pingv4 and pingv6 functions failing to properly filter the special elements of the constructed code segment. An...
Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MP_VistaReport class. The issue results from the lack of proper validation of a...