6840 matches found

CNNVD
added 2024/10/29 12:0 a.m. · 1 views

Autodesk AutoCAD Security Vulnerability

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. A security vulnerability exists in Autodesk AutoCAD that stems from a heap-based buffer overflow vulnerability that can be triggered when parsing a maliciously crafted 3DM file in AcTranslators.exe, which can be...

7.8 CVSS · 7.6 AI score · 0.0039 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/29 12:0 a.m. · 1 views

Autodesk AutoCAD Security Vulnerability

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk AutoCAD that originates from a memory corruption vulnerability that may be triggered when parsing a maliciously crafted CATPART file in...

7.8 CVSS · 7.4 AI score · 0.00567 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/28 12:0 a.m. · 2 views

PT-2024-10276 · IBM · IBM Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.17 IBM Robotic Process Automation versions 23.0.0 through 23.0.18 Description: The issue is related to errors in inherited permissions. It could allow a local user to escalate thei...

6.8 CVSS · 7.1 AI score · 0.00031 EPSS
Exploits 0 · References 8
NVD
added 2024/10/23 6:15 p.m. · 8 views

CVE-2024-20370

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...

6 CVSS · 0.00019 EPSS
Exploits 0 · References 1
Cisco
added 2024/10/23 4:0 p.m. · 10 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...

6 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 0 · References 1
RedHat Linux
added 2024/10/23 10:3 a.m. · 4 views

NetworkManager-libreswan: Local privilege escalation via leftupdown

A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...

7.8 CVSS · 6.1 AI score · 0.00057 EPSS
Exploits 0 · References 5
Talos
added 2024/10/23 12:0 a.m. · 11 views

NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration

Talos Vulnerability Report TALOS-2024-2013 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration October 23, 2024 CVE Number CVE-2024-0118 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D...

7.8 CVSS · 6.8 AI score · 0.00162 EPSS
Exploits 0
Cvelist
added 2024/10/22 12:14 p.m. · 78 views

CVE-2024-9050 Networkmanager-libreswan: local privilege escalation via leftupdown

A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...

7.8 CVSS · 0.00057 EPSS
Exploits 0 · References 14
NVD
added 2024/10/18 9:15 a.m. · 15 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

9.8 CVSS · 0.00806 EPSS
Exploits 0 · References 1
OSV
added 2024/10/18 9:15 a.m. · 2 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
CVE
added 2024/10/18 8:29 a.m. · 63 views

CVE-2024-47485

CVE-2024-47485 describes a CSV injection vulnerability in some HikCentral Master Lite versions. The CSV injection could allow an attacker to craft data that leads to executable commands when the CSV file is processed. Affected component is the HikCentral Master Lite CSV handling; root cause is in...

9.8 CVSS · 7.5 AI score · 0.00806 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/10/18 8:29 a.m. · 14 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

5.5 CVSS · 0.00806 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/10/18 8:29 a.m. · 11 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

5.5 CVSS · 7.5 AI score · 0.00806 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/17 12:0 a.m. · 1 views

OpenSight FlashFXP Code Issue Vulnerability

OpenSight FlashFXP is a secure FTP client software for Windows from OpenSight. A code issue vulnerability exists in OpenSight FlashFXP version 5.4.0.3970, which stems from an unknown function in the library libcrypto-11.dll in the file FlashFXP.exe that can lead to uncontrolled search paths...

8.5 CVSS · 7.7 AI score · 0.00127 EPSS
Exploits 0 · References 4
CNNVD
added 2024/10/17 12:0 a.m. · 5 views

VSO ConvertXtoDvd Code Issue Vulnerability

VSO ConvertXtoDvd is a software from VSO that can convert video to any format. A code issue vulnerability exists in VSO ConvertXtoDvd version 7.0.0.83, which stems from a function avcodec.dll in the file ConvertXtoDvd.exe that results in an uncontrolled search path. No details of the vulnerabilit...

8.5 CVSS · 7 AI score · 0.00113 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/10/16 12:0 a.m. · 15 views

Qnap QTS Classic Buffer Overflow (CVE-2023-45037)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

7.2 CVSS · 7.5 AI score · 0.00081 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/10/16 12:0 a.m. · 17 views

Qnap QTS Classic Buffer Overflow (CVE-2023-32968)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

7.2 CVSS · 7.5 AI score · 0.00062 EPSS
Exploits 0 · References 2
Gitee
added 2024/10/15 10:37 a.m. · 127 views

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file (PE file) that contains a malicious payload. The file is encoded with a custom algorithm, making it difficult to analyze without decoding. The code is written in C and uses various techniques to evade detection, including: 1. Co...

7.1 AI score
Exploits 0
OSV
added 2024/10/11 4:15 p.m. · 2 views

CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8 CVSS · 6.4 AI score · 0.86943 EPSS
Exploits 5 · References 2
OSV
added 2024/10/10 11:15 p.m. · 8 views

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

5.4 CVSS · 5.4 AI score · 0.0025 EPSS
Exploits 0 · References 1