2698 matches found
CVE-2024-33673
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path...
CVE-2024-33671
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files...
Veritas Technologies Backup Exec Security Vulnerability
Veritas Technologies Backup Exec is a powerful suite of data backup recovery tools from Veritas Technologies, USA. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies the installation process and improves manageability...
PT-2024-25431 · Veritas · Veritas Backup Exec
Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 22.2 HotFix 917391 Description: An issue was discovered that allows for DLL Hijacking in the Windows DLL Search path due to improper access controls. Recommendations: For versions prior to 22.2 HotFix...
PT-2024-5139 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A critical issue was found in the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to a stack-based buffer overflow. It is possible to...
CVE-2024-33673
CVE-2024-33673 affects Veritas Backup Exec before 22.2 HotFix 917391. The issue is improper access controls that enable DLL hijacking in the Windows DLL search path. CVSS v3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, and privileges required, no user interaction. Impa...
CVE-2024-33671
Summary: CVE-2024-33671 affects Veritas Backup Exec (before 22.2 HotFix 917391). The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to delete arbitrary files on protected files. Impact: highest concerns involve integrity and availability (I/H; A/H per metrics). Root cau...
PT-2024-25429 · Veritas · Veritas Backup Exec
Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 22.2 HotFix 917391 Description: An issue was discovered in the Veritas Backup Exec software, where the Backup Exec Deduplication Multi-threaded Streaming Agent can be used to perform arbitrary file deleti...
GitLens Git Local Configuration Exec
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...
Vulnerabilities fixed in Veritas BackupExec
Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via DLL injection, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...
Silex Technology DS-600 Security Vulnerability
The Silex Technology DS-600 is a hardware device from Silex Technology, Inc. designed to easily connect and share USB 3.0 and 2.0 devices over a network. A security vulnerability exists in the Silex Technology DS-600 version v.1.4.1. A remote attacker can exploit the vulnerability to cause a deni...
CVE-2024-24487
An issue discovered in Silex Technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command...
PT-2024-20417 · Silex Technology · Ds-600 Firmware
Name of the Vulnerable Software and Affected Versions: Silex Technology DS-600 Firmware version 1.4.1 Description: An issue in the Silex Technology DS-600 Firmware allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. Recommendations:...
CVE-2024-24487
The CVE-2024-24487 entry concerns Silex Technology DS-600 Firmware v1.4.1. A remote attacker can trigger a denial of service by sending crafted UDP packets that invoke the EXEC REBOOT SYSTEM command. Public documents identify the affected device and firmware version and describe the impact as DoS...
CVE-2024-3740 cym1102 nginxWebUI reload exec deserialization
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has...
SUSE CVE-2024-22423
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...
GHSA-WVPX-G427-Q9WC llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...