Zyxel NAS Multiple Vulnerabilities

The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. CVE-2024-29973 - Th...

CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...

CVE-2024-0095 CVE

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...

curl: Unicode-to-ASCII conversion on Windows can lead to argument injection and more

Vulnerability description not provided...

PT-2024-21707

Name of the Vulnerable Software and Affected Versions Toshiba Tec Remote Command program affected versions not specified Description The issue allows an attacker to achieve Remote Code Execution by overwriting existing Python files that contain executable code. This can be difficult to execute...

Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

The vulnerability of the LaborOfficeFree software for managing shift scheduling and working hours, which stems from the use of pre-installed database records, allows a perpetrator to gain unauthorized access to the application’s backup database.

The vulnerability of the executable files LOFservice.exe and LaborOfficeFree.exe of the LaborOfficeFree software for workforce management and time tracking involves the use of pre-installed database credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...

Fedora: Security Advisory for rust-copydeps (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

CVE-2024-29975

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...

CVE-2024-29975

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...

CVE-2024-29975

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root...

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root...

RHEL 8 : 2.5_rubygem-bundler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 No...

PT-2024-40995 · Fwupdate · Fwupdate

Name of the Vulnerable Software and Affected Versions: fwupdate affected versions not specified Description: The issue involves rebuilding the package with a new secure boot key and updating the email address of the security team in SBAT. Additionally, the memory permission is set explicitly in e...

[SECURITY] Fedora 40 Update: qt6-qtscxml-6.7.1-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

CVE-2024-29072

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege...

CVE-2024-29072

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege...