CVE-2024-42850
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements...
PT-2024-30183 · Unknown · Silverpeas
Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.2 and lower Description: An issue in the password change function allows for the bypassing of password complexity requirements. Recommendations: For Silverpeas versions 6.4.2 and lower, update to a version that include...
CVE-2024-42850
Silverpeas contains a vulnerability in the password-change flow (affecting v6.4.2 and earlier) that allows bypassing password complexity requirements. This is described across multiple sources (CVE-2024-42850, Red Hat/CVE, GHSA advisory, OSV) as a critical issue. Impact: bypass of password rules ...
Silverpeas security vulnerability
Silverpeas is a suite of open source business collaboration platforms from Silverpeas Open Source. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas v6.4.2 and earlier versions that stems from a problem...
CVE-2024-39425
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue requires local low-privilege access to the affected system...
CVE-2024-39425 Security vulnerability in AdobeARMHelper
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue requires local low-privilege access to the affected system...
CVE-2024-39425
CVE-2024-39425 concerns Adobe Acrobat Reader and is described as a Time-of-check Time-of-use (TOCTOU) race condition that could lead to privilege escalation. Affected versions include 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier. The exploitation model requires local, low-pr...
CVE-2024-39397
Adobe Commerce (Magento) is affected by CVE-2024-39397: Unrestricted Upload of File with Dangerous Type that could lead to arbitrary code execution. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue arises from uploading a dangerous file that is then executed...
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
Siemens COMOS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Best Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protoco...
EulerOS 2.0 SP11 : python-idna (EulerOS-SA-2024-2091)
According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
EulerOS 2.0 SP11 : python-idna (EulerOS-SA-2024-2108)
According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY: CVSS v4 7.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules. Vulnerability: Unprotected Alternate Channel. 2. RISK EVALUATION: Successful exploitation of this...
CVE-2024-7216
CVE-2024-7216 affects TOTOLINK LR1200, version 9.3.1cu.2832. The vulnerability resides in the file /etc/shadow.sample, where a hard-coded password is used. The issue is described as having high attack complexity and difficult exploitability, with exploitation disclosed publicly per the sources...
CVE-2024-7216 TOTOLINK LR1200 shadow.sample hard-coded password
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc(). The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096 x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc(). The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...