1914 matches found
CVE-2024-4131
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges...
CVE-2024-4130
CVE-2024-4130 corresponds to a DLL hijack vulnerability in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. The connected documents consistently describe a local-privilege-escalation impact via a DLL hijack in Lenovo App Store, but do not furnish concre...
CVE-2024-4089
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges...
Lenovo Personal Cloud Storage Security Vulnerability
Lenovo Personal Cloud Storage is a personal cloud storage from the Chinese company Lenovo. A security vulnerability exists in Lenovo Personal Cloud Storage. A local attacker could exploit the vulnerability to elevate privileges and execute code...
Lenovo Service Framework Security Vulnerability
Lenovo Service Framework is a utility program from the Chinese company Lenovo. A security vulnerability exists in Lenovo Service Framework. A local attacker could exploit the vulnerability to elevate privileges and execute code...
Lenovo Lock Screen Security Vulnerability
Lenovo Lock Screen is a lock screen application from the Chinese company Lenovo. A security vulnerability exists in Lenovo Lock Screen. A local attacker could exploit the vulnerability to elevate privileges and execute code...
CVE-2024-47965 Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...
CVE-2024-47963 Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office components. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to tric...
CVE-2024-41902
Siemens JT2Go is affected by a stack-based buffer overflow in the PDF parsing path for all versions prior to V2406.0003. The vulnerability could allow code execution in the context of the current process. The issue is triggered when handling specially crafted PDF files and is described in CVE-202...
CVE-2024-9393
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...
Foxit PDF Reader Elevation of Privilege Vulnerability
Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. An elevation of privilege vulnerability exists in Foxit PDF Reader, which stems from not properly assigning privileges when handling configuration files, and can be exploited by an attacker to elevate...
LocalAI Code Injection Vulnerability
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code injection vulnerability exists in LocalAI version 2.17.1, which originates when the localai backend receives input not only from a configuration file, but also from other inputs, allowing...
Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data
Summary: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system and could allow a remote attacker to obtain sensitive information. This can affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2019-12384 DESCRIPTION:...
CVE-2024-45105
Summary: CVE-2024-45105 describes a UEFI SMM callout vulnerability affecting Lenovo ThinkSystem servers. The issue could allow a local attacker with elevated privileges to execute arbitrary code via an SMM callout. The CVSS vectors indicate local access, low attack complexity, but required high pr...
Vulnerabilities fixed in Citrix Workspace App for Windows
Citrix has fixed vulnerabilities in the Citrix Workspace App for Windows. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute code with SYSTEM privileges. Citrix has released updates to fix the vulnerabilities. See attached...
PYSEC-2024-83
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction...
PT-2024-31811 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 and newer Description: The issue is related to the deserialization of untrusted data in the MindsDB platform. This allows a maliciously uploaded 'inhouse' model to run arbitrary code on the server when a 'describe'...
MindsDB Security Vulnerability
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB version 23.10.2.0 and earlier, which stems from the presence of deserialization of untrusted data, allowing a maliciously uploaded model to run arbitrary code on the server when...