5332 matches found

NVD | added 2024/10/22 10:15 p.m. | 10 views

CVE-2024-40493

Null Pointer Dereference in coap_client_exchange_blockwise2 function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes coap_msg_get_payload(resp) to return a null pointer, which is then...

CVSS 9.8 | EPSS 0.01162 | Exploits 1 | References 2

OSV | added 2024/10/22 6:32 p.m. | 4 views

GHSA-6C4V-X9V2-RJM8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change us...

CVSS 8.8 | AI score 7.6 | EPSS 0.02193 | Exploits 0 | References 3

NVD | added 2024/10/22 3:15 p.m. | 20 views

CVE-2024-26271

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change us...

CVSS 8.8 | EPSS 0.02193 | Exploits 0 | References 1

NVD | added 2024/10/22 3:15 p.m. | 7 views

CVE-2024-26272

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2)...

CVSS 8.8 | EPSS 0.06126 | Exploits 0 | References 1

Vulnrichment | added 2024/10/22 2:50 p.m. | 9 views

CVE-2024-26272

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2)...

CVSS 8.8 | AI score 8 | EPSS 0.06126 | Exploits 0 | References 1

Cvelist | added 2024/10/22 2:50 p.m. | 11 views

CVE-2024-26272

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2)...

CVSS 8.8 | EPSS 0.06126 | Exploits 0 | References 1

Vulnrichment | added 2024/10/22 12:00 a.m. | 8 views

CVE-2024-46482

An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file...

AI score 7.8 | EPSS 0.00171 | Exploits 0 | References 1

CVE | added 2024/10/21 12:00 a.m. | 42 views

CVE-2024-48659

DCME-320-L firmware versions prior to 9.3.2.114 are affected. The vulnerability lies in the log_u_umount.php component, allowing a remote attacker to execute arbitrary code. Impact is remote code execution with high confidentiality, integrity, and availability consequences. Exploitation details a...

CVSS 9.8 | AI score 7.9 | EPSS 0.0604 | Exploits 1 | References 1 | Affected Software 1

CVE | added 2024/10/17 12:00 a.m. | 98 views

CVE-2024-27766

CVE-2024-27766 describes an issue in MariaDB 11.1 where a remote attacker may execute arbitrary code via the lib_mysqludf_sys.so function. Multiple connected sources confirm remote code execution potential, but note that the MariaDB Foundation disputes the severity/privilege boundary claim, stati...

CVSS 5.7 | AI score 6.1 | EPSS 0.30153 | Exploits 2 | References 2 | Affected Software 1

Kaspersky | added 2024/10/17 12:00 a.m. | 28 views

KLA74117 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Parce...

CVSS 9.8 | AI score 9 | EPSS 0.33501 | Exploits 3 | References 24

CVE | added 2024/10/15 12:00 a.m. | 42 views

CVE-2024-48781

The CVE-2024-48781 entry concerns Wanxing Technology Yitu Project Management Kirin Edition 2.3.6. A remote attacker can trigger arbitrary code execution by supplying a specially crafted file to /opt/EdrawProj-2/plugins/imageformat. The issue is described consistently across multiple sources (NVD/...

CVSS 9.8 | AI score 8.1 | EPSS 0.02787 | Exploits 0 | References 1

CNVD | added 2024/10/13 12:00 a.m. | 6 views

Adobe Animate Memory Misreference Vulnerability (CNVD-2024-41261)

Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

CVSS 7.8 | AI score 7.5 | EPSS 0.0019 | Exploits 0 | References 1

CNVD | added 2024/10/11 12:00 a.m. | 6 views

Adobe Framemaker Code Issue Vulnerability (CNVD-2024-40916)

Adobe Framemaker is a set of page layout software from the American company Adobe for writing and editing large or complex documents including structured documents. A code issue vulnerability exists in Adobe Framemaker. An attacker could exploit this vulnerability to execute...

CVSS 7.8 | AI score 7.5 | EPSS 0.00146 | Exploits 0 | References 1

CVE | added 2024/10/11 12:00 a.m. | 35 views

CVE-2024-46088

CVE-2024-46088 affects Zhejiang University Entersoft Customer Resource Management System (v2002–v2024) via the ProductAction.entphone interface. The vulnerability is an arbitrary file upload that allows remote code execution. Root cause: improper file upload handling. Impact: potential full compr...

CVSS 9.8 | AI score 7.8 | EPSS 0.00296 | Exploits 0 | References 3

Tenable Nessus | added 2024/10/10 12:00 a.m. | 16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : libgsf vulnerabilities (USN-7062-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7062-1 advisory. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were...

CVSS 8.4 | AI score 6.9 | EPSS 0.00054 | Exploits 0 | References 3

Vulnrichment | added 2024/10/08 6:30 a.m. | 10 views

CVE-2024-34668

Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...

CVSS 7.5 | AI score 8.2 | EPSS 0.05101 | Exploits 0 | References 1

CVE | added 2024/10/03 12:00 a.m. | 58 views

CVE-2024-41593

CVE-2024-41593 affects DrayTek Vigor310 devices up to version 4.3.2.6. The vulnerability is a heap-based buffer overflow in the web interface function ft_payload_dns due to a byte sign-extension in the length argument of a memcpy call, enabling remote code execution. Connected sources confirm the...

CVSS 9.8 | AI score 7.8 | EPSS 0.07689 | Exploits 0 | References 2 | Affected Software 1

Vulnrichment | added 2024/10/02 12:00 a.m. | 8 views

CVE-2024-45965

Contao before 5.5.6 allows XSS via an SVG document. This affects contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5.x before 5.5.6...

CVSS 6.4 | AI score 4.8 | EPSS 0.00343 | Exploits 1 | References 2

IBM Security Bulletins | added 2024/09/27 9:49 a.m. | 31 views

Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3518]

Summary: Red Hat-provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2021-3518). Vulnerability Details: CVEID: CVE-2021-3518. DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system,...

CVSS 8.8 | AI score 9.6 | EPSS 0.0025 | Exploits 0 | Affected Software 1

Redos | added 2024/09/27 12:00 a.m. | 17 views

ROS-20240927-01

Vulnerability of FFmpeg multimedia library function load_input_picture is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in interpolate component...

CVSS 7.8 | AI score 7.9 | EPSS 0.00162 | Exploits 1