2841 matches found
KLA71827 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof the user interface, cause denial of service, bypass security restrictions, gain privileges, and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Inappropriate...
EulerOS Virtualization 2.11.1 : libarchive (EulerOS-SA-2024-2156)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Windows Libarchive Remote Code Execution Vulnerability (CVE-2024-20696). Tenable has extracted the preceding description block...
RHEL 8 : kpatch-patch-4_18_0-553 (RHSA-2024:5522)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:5522 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch...
Code execution vulnerability in multiple Mozilla products (CNVD-2024-46833)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is an email client separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device. The specific flaw exists within the...
CVE-2024-42489
CVE-2024-42489 affects Pro Macros (XWiki rendering macros). The vulnerability is due to missing escaping in the Viewpdf macro (and similar macros like Viewppt), enabling remote code execution for users with view/edit/comment rights on affected pages. Root cause: missing escaping on CKEditor.HTML...
Siemens Omnivise T3000 Application Server Code Execution Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is a full-scenario distributed operating system based on a microkernel. Huawei EMUI and Huaw...
Dell Inventory Collector Path Traversal Vulnerability
Dell Inventory Collector is a driver from Dell, a US company. A path traversal vulnerability exists in Dell Inventory Collector versions prior to 12.3.0.6, which can be exploited by a locally authenticated attacker to execute arbitrary code on the system...
Dell Peripheral Manager Uncontrolled Search Path Element Vulnerability (CNVD-2024-34485)
Dell Peripheral Manager is an application from Dell, a US company. It provides on-screen instructions on how to pair other devices with your computer via Bluetooth. An uncontrolled search path element vulnerability exists in Dell Peripheral Manager versions prior to 1.7.6, which can be exploited by an...
Google Chrome Code Execution Vulnerability (CNVD-2024-33612)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from a use-after-free in Dawn. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Google Chrome Code Execution Vulnerability (CNVD-2024-34498)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from a use-after-free in Tabs, which can be exploited by an attacker to execute arbitrary code on the system...
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PDF-XChange Editor Out-of-Bounds Write Vulnerability (CNVD-2024-33589)
PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. PDF-XChange Editor suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code...
NETGEAR RAX30 Command Injection Vulnerability (CNVD-2024-33905)
The NETGEAR RAX30 is a dual-band wireless router from NETGEAR. The NETGEAR RAX30 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary code...
Triangle MicroWorks SCADA Data Gateway Arbitrary File Write Vulnerability
Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. Triangle MicroWorks SCADA Data Gateway suffers from an arbitrary file write vulnerability that can be exploited by an attacker to write arbitrary files and execute arbitrary code...
CVE-2024-23470 SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables...
CVE-2024-23470
CVE-2024-23470 affects SolarWinds Access Rights Manager (ARM). A pre-authentication remote code execution vulnerability is described as an exposed dangerous method in the UserScriptHumster component, allowing an unauthenticated user to run commands/executables on the server. Related Nessus data c...
PT-2024-27510 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM 2024 flat Description: The issue is related to an unspecified SQL Injection flaw in the core server, allowing an authenticated attacker within the same network to execute arbitrary code. Recommendations: For Ivanti EPM 2024 flat, a...
Apache Airflow code execution vulnerability (CNVD-2024-33592)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from a code execution vulnerability that can be exploited by...