
6323 matches found

CVE
added 2024/11/15 12:0 a.m. | 53 views

CVE-2024-51141

CVE-2024-51141 affects TOTOLINK Bluetooth Wireless Adapter A600UB. The issue is tied to WifiAutoInstallDriver.exe and MSASN1.dll, with root cause described as incorrect integrity value checking in MSASN1.dll within the WifiAutoInstallDriver.exe file, enabling a local attacker to execute arbitrary...

CVSS 7.8 | AI score 7.7 | EPSS 0.00184
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2024/11/15 12:0 a.m. | 7 views

Adobe Substance 3D Painter Untrusted Search Path Vulnerability

Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. A security vulnerability exists in Adobe Substance 3D Painter, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 | AI score 7.4 | EPSS 0.00241
Exploits 0 | References 1
CNVD
added 2024/11/15 12:0 a.m. | 7 views

Adobe Substance 3D Painter Buffer Overflow Vulnerability (CNVD-2024-48221)

Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. A security vulnerability exists in Adobe Substance 3D Painter version 10.1.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

CVSS 7.8 | AI score 7.5 | EPSS 0.00265
Exploits 0 | References 1
CVE
added 2024/11/15 12:0 a.m. | 66 views

CVE-2024-50986

CVE-2024-50986 affects Clementine v1.3.1 and is exploitable via a local DLL hijacking vector on Windows. A concrete PoC from a GitHub exploit shows that placing a crafted QUSEREX.DLL in C:\Users\AppData\Local\Microsoft\WindowsApps allows Clementine to load the malicious DLL at startup, enabling a...

CVSS 7.3 | AI score 7.7 | EPSS 0.00987
Exploits 2 | References 3 | Affected Software 1
NVD
added 2024/11/14 8:15 p.m. | 14 views

CVE-2024-10397

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code...

CVSS 7.8 | EPSS 0.00406
Exploits 0 | References 2
CVE
added 2024/11/14 7:33 p.m. | 63 views

CVE-2024-10397

CVE-2024-10397 affects OpenAFS. According to Debian and related advisories, a malicious server can crash the OpenAFS cache manager and other client utilities and potentially execute arbitrary code. Debian and Mageia advisories link this and related CVEs (CVE-2024-10394, CVE-2024-10396) to OpenAF...

CVSS 7.8 | AI score 6.8 | EPSS 0.00406
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2024/11/14 12:0 a.m. | 15 views

CVE-2024-50839

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/addsubject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subjectcode and title parameters...

EPSS 0.0038
Exploits 1 | References 1
Vulnrichment
added 2024/11/13 12:0 a.m. | 10 views

CVE-2024-50956

A buffer overflow in the RecvSocketData function of Inovance HCPLCAM401-CPU1608TPTN 21.38.0.0, HCPLCAM402-CPU1608TPTN 41.38.0.0, and HCPLCAM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message...

AI score 8.3 | EPSS 0.0026
Exploits 0 | References 1
Kaspersky
added 2024/11/12 12:0 a.m. | 17 views

KLA77062 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Blink can be...

CVSS 8.8 | AI score 8.4 | EPSS 0.00362
Exploits 2 | References 3
Tenable Nessus
added 2024/11/12 12:0 a.m. | 16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ghostscript vulnerabilities (USN-7103-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7103-1 advisory. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to caus...

CVSS 8.4 | AI score 6.7 | EPSS 0.0055
Exploits 0 | References 7
Zero Day Initiative
added 2024/11/11 12:0 a.m. | 5 views

Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Application...

CVSS 7.8 | AI score 7.1 | EPSS 0.00188
Exploits 0 | References 1
Cvelist
added 2024/11/06 4:30 p.m. | 18 views

CVE-2024-20528 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

CVSS 3.8 | EPSS 0.00601
Exploits 0 | References 1
NVD
added 2024/11/05 4:15 p.m. | 22 views

CVE-2023-29120

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...

CVSS 9.6 | EPSS 0.00326
Exploits 0 | References 1
IBM Security Bulletins
added 2024/11/05 8:8 a.m. | 17 views

Security Bulletin: IBM Sterling Control Center is vulnerable due to Apache Commons issue

Summary Apache Commons is affecting IBM Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending...

CVSS 7.3 | AI score 7.5 | EPSS 0.02054
Exploits 0 | Affected Software 1
CVE
added 2024/11/01 12:0 a.m. | 49 views

CVE-2024-51248

The CVE-2024-51248 entry affects DrayTek Vigor3900 firmware (version 1.5.1.3). The root cause is lack of proper neutralization in the modifyrow function within mainfunction.cgi, enabling an attacker to inject commands and execute arbitrary code. Exploitation details are described across multiple ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00777
Exploits 1 | References 1 | Affected Software 1
CVE
added 2024/11/01 12:0 a.m. | 55 views

CVE-2024-51247

Affects DrayTek Vigor3900 firmware, version 1.5.1.3. The vulnerability arises from lack of neutralization of special elements in the operating system command used by the doPPPo function in the mainfunction.cgi script, enabling a remote attacker to inject and execute arbitrary commands. Documented...

CVSS 8.8 | AI score 7.8 | EPSS 0.00777
Exploits 1 | References 1 | Affected Software 1
NVD
added 2024/10/31 5:15 p.m. | 13 views

CVE-2024-51430

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component...

CVSS 6.4 | EPSS 0.00542
Exploits 0 | References 2
Vulnrichment
added 2024/10/31 12:0 a.m. | 13 views

CVE-2024-48200

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd conhost.exe...

AI score 7.7 | EPSS 0.00184
Exploits 0 | References 2
Vulnrichment
added 2024/10/30 12:0 a.m. | 12 views

CVE-2024-51257

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...

AI score 7.7 | EPSS 0.00375
Exploits 0 | References 1
CVE
added 2024/10/29 9:44 p.m. | 72 views

CVE-2024-9489

CVE-2024-9489 involves Autodesk AutoCAD where parsing a malicious DWG file in ACAD.exe can trigger a memory corruption vulnerability. The description and related sources indicate possible outcomes include a crash, reading/writing sensitive data, or arbitrary code execution within the process cont...

CVSS 7.8 | AI score 7.8 | EPSS 0.00207
Exploits 0 | References 1 | Affected Software 10