Adobe Acrobat Reader DC Continuous Security Update (APSB24-07) - Mac OS X

Adobe Acrobat Reader DC Continuous is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-4947

The CVE-2024-4947 entry corresponds to a Type Confusion vulnerability in Google Chrome/Chromium V8 that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected software is the Chrome/Chromium stack using V8 prior to version 125.0.6422.60. The root c...

CVE-2024-34909

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...

CVE-2024-34909

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...

Microsoft Windows Multiple Vulnerabilities (KB5037788)

This host is missing a critical security update according to Microsoft KB5037788 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-31803

Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT::readpredata128fromfile function...

CVE-2024-3809

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the ‘slideshowtype’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVE-2023-47709

CVE-2023-47709 affects IBM Security Guardium versions 11.3, 11.4, 11.5 and 12.0. A remote authenticated attacker could execute arbitrary commands by sending a specially crafted request, due to a failure to neutralize certain elements in the OS command handling. The issue is confirmed in multiple ...

RHEL 5 : gimp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gimp: Heap-based buffer overflow in readchanneldata function in plug-ins/common/file-psp.c CVE-2017-17789...

RHEL 7 : qpdf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpdf: stack exhaustion in QPDFObjectHandle and QPDFDictionary classes in libqpdf.a CVE-2018-9918 - A...

RHEL 5 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: buffer overflow in handling of long link names in tar phar archives CVE-2016-2554 - php: Uninitializ...

CVE-2024-20862

CVE-2024-20862 affects SveService on Samsung Mobile devices prior to SMR May-2024 Release 1. The vulnerability is an out-of-bounds write that enables local privileged attackers to execute arbitrary code. Exploitation details are not provided in the sources, and no in-the-wild exploit information ...

Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)

Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...

CVE-2023-39457

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2023-27322

Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...

CVE-2023-35741

The CVE-2023-35741 entry concerns the D-Link DAP-2622 DDP service. Affected component: DDP configuration backup filename handling in the DAP-2622 router. Root cause: length-validation flaw when copying user-supplied data into a fixed-length stack-based buffer, leading to a stack buffer overflow. ...

CVE-2024-25290

An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function...

CVE-2024-33429

Buffer-Overflow vulnerability at pcmconvert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file...

CVE-2024-31820

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component...

CVE-2024-33445

An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component...