Arbitrary Code Execution (ACE)

pnpm is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to mishandling of overrides and global cache, where overrides from one workspace leak into npm metadata saved in global cache, affecting other workspaces, and installs fail to revalidate data, allows an attacker to execu...

CVE-2024-12670

CVE-2024-12670 describes a heap-based overflow in Autodesk Navisworks when parsing DWFX files. The issue allows a malicious DWFX to cause a crash, read sensitive data, or execute arbitrary code in the current process, with local access and user interaction required. Connected sources (NVD/Red Hat...

CVE-2024-12178 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

Siemens Opcenter Quality Buffer Overflow Vulnerability

Opcenter Quality is a closed-loop quality management system QMS product family from Siemens designed to ensure compliance and drive continuous improvement to deliver high-quality products. A buffer overflow vulnerability exists in Siemens Opcenter Quality, which can be exploited by an...

CVE-2024-9508

CVE-2024-9508 affects Horner Automation Cscape. The vulnerability is a memory corruption issue in CSP file parsing that could allow an attacker to disclose information and execute arbitrary code. According to the sources, exploitation is local with low attack complexity and user interaction requi...

Liferay Portal 7.4.0 < 7.4.3.104 CSRF

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA tCross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through...

CVE-2023-7298

CVE-2023-7298 concerns Autodesk FBX SDK. A crafted FBX file can trigger an Out-of-Bounds Write in the FBX parser, enabling a attacker to crash the process, corrupt data, or potentially execute arbitrary code in the affected product. Documented impacts include crash, data integrity risks, and remo...

CVE-2023-7298 Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software

A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2024-30963

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script...

CVE-2024-37860

Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2amcl process...

CVE-2024-30961

CVE-2024-30961 affects Open Robotics ROS2 Navigation2 (navigation2-humble and related nav2_bt_navigator). The vulnerability is described as an insecure permissions issue that enables a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. CVSS data indicate...

CVE-2024-48453

An issue in INOVANCE AM401CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function...

CVE-2024-29404

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component...

CVE-2024-49415

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code...

CVE-2024-53564

The CVE concerns FreePBX 17.0.19.17 where uploaded file types are not validated, enabling high-privilege administrators to insert unwanted files. Root cause: lack of file-type validation in the upload flow of FreePBX modules. Potential impact: remote code execution is stated in one source, but ot...

CVE-2024-53564

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded valid FreePBX module files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are...

CVE-2024-48406

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the poweructintt x, uctintt n in src/uctupstream.c...

Ubuntu: Security Advisory (USN-7126-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-11145

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5...

CVE-2024-53913

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...