The vulnerabilities of the Handler for User Photo Upload Command and the Handler for Picture Upload Command in the microprogrammable biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME allow a perpetrator to gain unauthorized access, enabling them to read, modify, or delete data.
The vulnerability of the Handler for User Photo Upload Command and Handler for Picture Upload Command components in the firmware of the ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME biometric terminals is related to errors in processing the relative path to the directory...
The vulnerability of Firefox browser for iOS, related to information representation errors in the user interface, allows a hacker to perform a spoofing attack.
The vulnerability of Firefox browser for iOS is related to information representation errors in the user interface. Exploiting this vulnerability allows an attacker to perform a spoofing attack by replacing the URL address in the location string cp...
Google Golang Security Vulnerability
Google Golang is a statically and strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's concurrency model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages that...
CVE-2024-36996
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt t...
MediaTek Chip Security Breach
MediaTek chips are a range of chips from MediaTek, a Chinese company. A security vulnerability exists in MediaTek chips that originates from mishandling of errors in the Modem, resulting in a system crash...
The vulnerability of the pgAdmin 4 database management tool, related to permission handling errors, allows a hacker to execute arbitrary code.
The vulnerability of the pgAdmin 4 database management tool is related to permission handling errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The `tempfile.TemporaryDirectory` class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances...
CVE-2024-35156
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766...
CVE-2024-35155
IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765...
The vulnerability of the Google Updater update application allows a perpetrator to elevate their privileges.
The vulnerability of the Google Updater update application is related to data processing errors. Exploiting this vulnerability can allow an attacker to elevate their privileges through a specially crafted file...
The vulnerability of the NVIDIA GPU Display Driver allows a hacker to execute arbitrary code, elevate their privileges, or disclose sensitive information.
The vulnerability of the NVIDIA GPU Display Driver is related to access control errors. Exploiting this vulnerability allows an attacker to execute arbitrary code, elevate their privileges, or disclose sensitive information...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
python: Path traversal on tempfile.TemporaryDirectory
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link...
golang: html/template: errors returned from MarshalJSON methods may break template escaping
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...
The vulnerability of the ThinServer component of the Rockwell Automation ThinManager application management platform allows an attacker to execute arbitrary code.
The vulnerability of the ThinServer component of Rockwell Automation’s centralized application management platform, ThinManager, relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SQL query...
ROS-20240625-04
A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the registervfs function hw/pci/pciesriov.c of the QEMU hardware emulator is related to a buffer overflo...
The vulnerability of the Windows Perception Service, a monitoring service for security status, allows attackers to escalate their privileges.
The vulnerability of the Windows Perception Service’s security monitoring function is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type confusion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted web page...
The vulnerability of the software for deploying and executing AI models, NVIDIA Triton Inference Server (formerly TensorRT Inference Server), allows a perpetrator to disclose protected information.
The vulnerability of the software for deploying and executing AI models, NVIDIA Triton Inference Server (formerly TensorRT Inference Server), is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...