GLPI Security Vulnerabilities
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
CVE-2024-5974
A buffer overflow in WatchGuard Fireware OS could allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3...
Jungo WinDriver Privilege Management Error Vulnerability
Jungo WinDriver is a device driver development toolkit from Israel's Jungo that supports any device, regardless of its chip vendor, with the ability to focus on the value-added functionality of the driver rather than the operating system internals. A privilege management error vulnerability exist...
Jungo WinDriver Privilege Management Error Vulnerability (CNVD-2024-34416)
Jungo WinDriver is a device driver development toolkit from Israel's Jungo that supports any device, regardless of its chip vendor, with the ability to focus on the value-added functionality of the driver rather than the operating system internals. A privilege management error vulnerability exist...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
PT-2024-20736 · Jungo · Windriver
Name of the Vulnerable Software and Affected Versions: Jungo WinDriver versions prior to 12.5.1. Description: The issue is related to improper privilege management, allowing local attackers to escalate privileges and execute arbitrary code. This can be exploited by attackers to gain elevated acces...
CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order ...
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described...
CVE-2024-5724 Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input from the 'PVGMallphotosdetails' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...
Prototype Pollution
@abw/badger-database is vulnerable to Prototype Pollution. The vulnerability is due to a flaw in the file dist/badger-database.esm, which allows an attacker to execute arbitrary code by manipulating object prototypes...
Dropbox desktop application security vulnerability
Dropbox desktop application is an open source, cross-platform online file storage, synchronization, and sharing application from Dropbox Inc. in the United States. A security vulnerability exists in the Dropbox desktop application, which stems from a specific flaw in the handling of shared folder...
USN-6830-1 libndp vulnerability
It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code...
CVE-2024-35213
An improper input validation vulnerability in the SGI Image Codec of QNX SDP versions 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process...
CVE-2024-35213 Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)
An improper input validation vulnerability in the SGI Image Codec of QNX SDP versions 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process...
CVE-2024-35213
CVE-2024-35213 pertains to an improper input validation in the SGI Image Codec of BlackBerry QNX SDP, affecting versions 6.6, 7.0, and 7.1. The vulnerability could allow an attacker to cause a denial-of-service or execute code within the image processing process. Concrete technical details across...
Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
PT-2024-19951 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.3. Description: The issue arises from the application's handling of the "/execute code" endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the "/update...
CVE-2023-38042
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM...
CVE-2024-35592
CVE-2024-35592 affects Box-IM, specifically version 2.0. The vulnerability is an arbitrary file upload in the Upload function that enables arbitrary code execution via a crafted PDF file. The available sources indicate a high-severity impact (CVSS 3.1: 9.6, CRITICAL) with network vector, no privi...