Microsoft Excel Elevation of Privilege Vulnerability (CNVD-2024-42948)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code with elevated privileges...

Ubuntu: Security Advisory (USN-6998-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in shim library (CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551) affect Power HMC.

Summary The shim library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-40546 DESCRIPTION: rhboot shim is vulnerable to a denial of service, caused by a NULL pointer dereference f;aw in the mirroroneesl function in...

CVE-2024-33698

A vulnerability has been identified in Opcenter Quality All versions V2406, Opcenter RDnL All versions V2410, SIMATIC PCS neo V4.0 All versions, SIMATIC PCS neo V4.1 All versions V4.1 Update 2, SIMATIC PCS neo V5.0 All versions V5.0 Update 1, SINEC NMS All versions, SINEMA Remote Connect Client A...

KLA73221 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Azure CycleCloud can be exploited remotely to execute...

CVE-2024-44871

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file...

Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Ubuntu: Security Advisory (USN-6992-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...

CVE-2024-34657

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code...

CVE-2024-44920

CVE-2024-44920 is a documented cross-site scripting (XSS) vulnerability in SeaCMS v12.9, affecting the component derive from the description: admin_collect_news.php. The vulnerability can be triggered by injecting a crafted payload into the siteurl parameter, enabling attackers to execute arbitra...

KLA73124 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1...

CVE-2024-45623

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server httpd. NOTE: This vulnerability only affects products that are no longer supported by t...

CVE-2024-5622 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL

An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL = R 4.2.-07P3 and = R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges...

Dell Client BIOS Improper Input validation (DSA-2024-260)

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution. Note that Nessus has not tested for this issue but has instead relied only on t...

CVE-2024-42770

A Stored Cross Site Scripting XSS vulnerability was found in "/core/signupuser.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "useremail" parameter...

Dell SupportAssist for Home PCs 代码问题漏洞

Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A code issue vulnerability exists in Dell SupportAssist for Home PCs version 4.0.3, which stems from the...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-2255)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-42563

An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file...

CVE-2024-42676

File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component...