CVE-2024-7231

Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

CVE-2024-9753

Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabili...

CVE-2024-9258

CVE-2024-9258 affects IrfanView via SID file parsing, where an uninitialized pointer is accessed, enabling remote code execution. The flaw requires user interaction (visiting a malicious page or opening a malicious file) and could execute code in the context of the current process. Root cause is ...

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

CVE-2024-38643 Notes Station 3

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...

CVE-2024-38643 Notes Station 3

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...

CVE-2024-38644

Notes Station 3 is affected by an OS command injection vulnerability prior to version 3.9.7. The issue could allow remote authenticated attackers to execute commands on affected systems. A fix is available in Notes Station 3 version 3.9.7 and later (3.9.7+); versions before 3.9.7 should upgrade t...

CVE-2024-48861 QHora

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later...

G DATA Software Total Security 后置链接漏洞

G Data G DATA Software Total Security is a suite of antivirus software from the German company G Data. The software is anti-phishing, anti-virus and anti-spam. G DATA Software Total Security suffers from a backlink vulnerability that stems from improper handling of symbolic links, which could all...

Panda Security Dome 安全漏洞

Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. A security vulnerability exists in Panda Security Dome that stems from a lack of proper permission settings for folders created by the Hydra Sdk Windows service, which could allow a loc...

AVG AntiVirus Free 后置链接漏洞

AVG AntiVirus Free is a free antivirus program from AVG. AVG AntiVirus Free suffers from a back-link vulnerability that stems from a local elevation of privilege issue that could allow an attacker to delete files, which in turn could elevate privileges and execute arbitrary code in a SYSTEM...

AVG AntiVirus Free 后置链接漏洞

AVG AntiVirus Free is a free antivirus program from AVG. AVG AntiVirus Free suffers from a back-link vulnerability that stems from a local elevation of privilege issue that could allow an attacker to delete files, which in turn could elevate privileges and execute arbitrary code in a SYSTEM...

Panda Security Dome 代码问题漏洞

Panda Security Dome is an antivirus product for ransomware and spyware from Spanish company Panda Security. A code issue vulnerability exists in Panda Security Dome, which arises from an improper restriction of the DLL search path by the VPN process, which could lead to a local attacker loading a...

Panda Security Dome 后置链接漏洞

Panda Security Dome is an antivirus product for ransomware and spyware from Spanish company Panda Security. Panda Security Dome suffers from a back-linking vulnerability that originates from the link-following mechanism in the PSANHost executable, which could lead to a local attacker deleting an...

CVE-2024-51366

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...

CVE-2024-51365

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2024-51364

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file...

CVE-2024-51365

...

CVE-2024-48747

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file...

CVE-2024-51367

CVE-2024-51367 affects BlackBoard v2.0.0.2 with an arbitrary file upload vulnerability in the component path "\Users\username.BlackBoard", allowing an attacker to execute arbitrary code by uploading a crafted .xml file. Public sources consistently describe the impact as remote code execution via ...