The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms

OpenSSL contains an issue in the POLY1305 MAC message authentication code implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions PowerISA 2.07. The impact of the corrupted...

CVE-2024-50046

...

Vulnerability of the handle_imageUpload() function in the plugin for creating customizable content based on artificial intelligence (AI): The Complete AI Pack from the WordPress content management system allows attackers to execute arbitrary code.

Vulnerability of the handleimageUpload function in the plugin for creating customizable content based on artificial intelligence AI: The Complete AI Pack of the WordPress content management system is associated with unlimited uploading of dangerous types of files. Exploiting this vulnerability...

Oracle Business Intelligence Enterprise Edition (OAS 7.6) (October 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.6.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...

CVE-2024-10381

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...

CVE-2024-10381

CVE-2024-10381 affects Matrix Door Controller Cosec Vega FAXQ, where the web-based management interface has an improper session-management implementation. A remote attacker can send specially crafted HTTP requests to the vulnerable device, potentially gaining unauthorized access and full control....

CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...

CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...

CVE-2024-45263

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45263

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...

CVE-2024-45260

CVE-2024-45260 affects GL.iNet devices (MT6000, MT3000, MT2500, AXT1800, AX1800) running version 4.6.2. The issue allows users in unauthorized groups to invoke any interface of the device, leading to full control. Provided sources consistently describe the affected models and version, but do not ...

CVE-2024-45263

CVE-2024-45263 affects GL.iNet devices: MT6000, MT3000, MT2500, AXT1800, and AX1800 (firmware 4.6.2). The upload interface accepts arbitrary files; when executed by the device, this can cause information leakage and give an attacker complete control. No mitigations or patches are provided in the ...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45263

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...

Malicious code in 5pjh9i (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b146f124ef7685c191891b06d1253b04cb7df55faa519897a63f8156a8070f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9373 Malicious code in hpkofi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d35d1b95291e601b027075607893a6eda408516de1407619b513432c3c2e6d1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-21199

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2024-21200

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...