6839 matches found

NVD
added 2024/07/04 3:15 p.m. · 24 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

5.4 CVSS · 0.6031 EPSS
Exploits: 5 · References: 5

OSV
added 2024/07/04 3:15 p.m. · 1 view

DEBIAN-CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

5.4 CVSS · 6.7 AI score · 0.6031 EPSS
Exploits: 5 · References: 1

OSV
added 2024/07/04 3:15 p.m. · 0 views

UBUNTU-CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

5.4 CVSS · 6.7 AI score · 0.6031 EPSS
Exploits: 5 · References: 5

Positive Technologies
added 2024/07/04 12:00 a.m. · 3 views

PT-2024-4731

Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.98; Exim versions 4.97.1 and earlier; Exim versions 4.93-13ubuntu1.12 and earlier; Exim versions 4.94.2-7+deb11u3 and earlier; Exim versions 4.96-15+deb12u5 and earlier. Description: Exim is vulnerable to a parsing error i...

6.4 CVSS · 7 AI score · 0.6031 EPSS
Exploits: 5 · References: 57

CVE
added 2024/07/04 12:00 a.m. · 152 views

CVE-2024-39929

CVE-2024-39929 affects Exim by misparsing multiline RFC 2231 header filenames, allowing a remote attacker to bypass a mime_filename extension-blocking check and potentially deliver executable attachments. Public references show patches exist: Fedora/NASL entries note fixes in exim 4.98 (and newer...

5.4 CVSS · 7.1 AI score · 0.6031 EPSS
Exploits: 5 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/07/04 12:00 a.m. · 18 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

6.6 AI score · 0.6031 EPSS
Exploits: 5 · References: 5

AlpineLinux
added 2024/07/04 12:00 a.m. · 28 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

5.4 CVSS · 7.1 AI score · 0.6031 EPSS
Exploits: 5 · References: 5

AlpineLinux
added 2024/07/02 1:47 p.m. · 40 views

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

7.8 CVSS · 7.8 AI score · 0.00045 EPSS
Exploits: 0

CNNVD
added 2024/07/02 12:00 a.m. · 2 views

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. An attacker could exploit this vulnerability to download source code or executable files from a remote locatio...

9.8 CVSS · 7.2 AI score · 0.0013 EPSS
Exploits: 0 · References: 2

CVE
added 2024/06/27 9:36 a.m. · 60 views

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

9.8 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/27 12:00 a.m. · 2 views

PT-2024-15262 · Softmaker +1 · Softmaker Office 2024 +3

Name of the Vulnerable Software and Affected Versions: SoftMaker Office 2024 / NX versions prior to revision 1214; SoftMaker FreeOffice 2014 versions prior to revision 1215; SoftMaker FreeOffice 2021, no fix available. Description: An issue was discovered in the SoftMaker Office and FreeOffice MSI...

5.3 CVSS · 6.9 AI score · 0.00054 EPSS
Exploits: 1 · References: 6

AstraLinux
added 2024/06/26 1:32 p.m. · 5 views

Astra Linux – Vulnerability in exim4

Exim versions up to 4.97.1 misparse multi-line RFC 2231 header filenames. As a result, remote attackers can bypass the protection mechanism that blocks $mimefilename extensions, and potentially deliver executable attachments to the mailboxes of end users...

5.4 CVSS · 6.8 AI score · 0.6031 EPSS
Exploits: 5 · References: 3

OSV
added 2024/06/25 4:15 p.m. · 1 view

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...

9.8 CVSS · 6.4 AI score
Exploits: 0 · References: 1

CNNVD
added 2024/06/25 12:00 a.m. · 2 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3, whi...

9.8 CVSS · 8.1 AI score · 0.90209 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/06/25 12:00 a.m. · 4 views

PT-2024-33246 · Progress · Progress Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Progress WhatsUp Gold versions prior to 2023.1.3. Description: A Remote Code Execution issue exists in Progress WhatsUp Gold, allowing an unauthenticated attacker to achieve Remote Code Execution as a service account through NmApi.exe...

9.8 CVSS · 8.1 AI score · 0.90209 EPSS
Exploits: 1 · References: 17

Veracode
added 2024/06/21 6:08 a.m. · 6 views

CSV Injection

silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's system...

8.4 AI score
Exploits: 0

OpenVAS
added 2024/06/19 12:00 a.m. · 17 views

Foxit Reader Privilege Escalation Vulnerability (Jun 2024)

Foxit Reader is prone to a privilege escalation vulnerability...

8.2 CVSS · 8.3 AI score · 0.00065 EPSS
Exploits: 1 · References: 1

NVD
added 2024/06/17 2:15 p.m. · 9 views

CVE-2024-37848

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admindelete.php component...

8.4 CVSS · 0.00053 EPSS
Exploits: 1 · References: 1

Veracode
added 2024/06/17 4:30 a.m. · 16 views

Privilege Escalation

github.com/dnscrypt/dnscrypt-proxy is vulnerable to Privilege escalation. The vulnerability is caused by insecure file permissions on the dnscrypt-proxy executable, which allows non-privileged users to overwrite it with malicious code, leading to potential privilege escalation to root when the...

7.8 CVSS · 7.4 AI score · 0.0007 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2024/06/14 4:01 a.m. · 63 views

CVE-2024-27173

Toshiba e-STUDIO multi-function printers are affected by CVE-2024-27173 in the Remote Command program, enabling remote code execution by overwriting Python executables. Root cause involves execution of code via uploaded/modified Python files, with impact to confidentiality, integrity, and availab...

9.8 CVSS · 10 AI score · 0.45418 EPSS
Exploits: 2 · References: 4