Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...
CVE-2024-9244
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-9258
CVE-2024-9258 affects IrfanView via SID file parsing, where an uninitialized pointer is accessed, enabling remote code execution. The flaw requires user interaction (visiting a malicious page or opening a malicious file) and could execute code in the context of the current process. Root cause is ...
CVE-2024-6260
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...
Panda Security Dome Security Vulnerability
Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. A security vulnerability exists in Panda Security Dome that stems from a lack of proper permission settings for folders created by the Hydra Sdk Windows service, which could allow a loc...
G DATA Software Total Security Link Following Vulnerability
G DATA Software Total Security is a suite of antivirus software from the German company G Data. The software provides anti-phishing, anti-virus and anti-spam protection. G DATA Software Total Security suffers from a link following vulnerability that stems from improper handling of symbolic links, which could all...
AVG AntiVirus Free Link Following Vulnerability
AVG AntiVirus Free is a free antivirus program from AVG. AVG AntiVirus Free suffers from a link following vulnerability that stems from a local elevation of privilege issue that could allow an attacker to delete files, which in turn could elevate privileges and execute arbitrary code in a SYSTEM...
AVG AntiVirus Free Link Following Vulnerability
AVG AntiVirus Free is a free antivirus program from AVG. AVG AntiVirus Free suffers from a link following vulnerability that stems from a local elevation of privilege issue that could allow an attacker to delete files, which in turn could elevate privileges and execute arbitrary code in a SYSTEM...
Panda Security Dome Code Issue Vulnerability
Panda Security Dome is an antivirus product for ransomware and spyware from Spanish company Panda Security. A code issue vulnerability exists in Panda Security Dome, which arises from an improper restriction of the DLL search path by the VPN process, which could lead to a local attacker loading a...
Panda Security Dome Link Following Vulnerability
Panda Security Dome is an antivirus product for ransomware and spyware from Spanish company Panda Security. Panda Security Dome suffers from a link following vulnerability that originates from the link-following mechanism in the PSANHost executable, which could lead to a local attacker deleting an...
CVE-2024-10913
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...
CVE-2024-11495
CVE-2024-11495 describes a buffer overflow in OllyDbg 1.10 caused by lack of proper bounds checking, enabling a local attacker to execute arbitrary code. Multiple sources (NVD, CVE record) confirm a local-exploit scenario with high impact, consistent with a serverless/hosted debugger context. The...
CVE-2024-10397
A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code...
PT-2024-37362 · Rockwell Automation · Arena
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Input Analyzer (affected versions not specified). Description: A memory corruption issue exists when parsing DFT files, allowing local threat actors to disclose information and execute arbitrary code by opening a...
Siemens SINEC INS Path Traversal Vulnerability (CNVD-2024-45208)
Siemens SINEC INS is software from Siemens, Germany, that provides centralized services for network infrastructures. A path traversal vulnerability exists in Siemens SINEC INS, which stems from not properly sanitizing user-supplied paths for SFTP-based file uploads and downloads, and can be...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager (EPM) is an endpoint security management suite from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager that stems from a path traversal flaw. A remote, authenticated attacker with administrator privileges could explo...
D-Link DWR-2000M Security Vulnerability
The D-Link DWR-2000M is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DWR-2000M. A local attacker can exploit the vulnerability to execute arbitrary code via a crafted request...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...