15122 matches found
The vulnerability of the AcTranslators.exe executable file of the AutoCAD simulation, design, and drafting software allows a perpetrator to record confidential data or execute arbitrary code.
The vulnerability of the AcTranslators.exe executable file used in AutoCAD modeling, design, and drawing software lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to write confidential data or execute arbitrary code withi...
Malicious code in alex_evil-test-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 055ea9627aa88ed77488e1c0cdc293a76dfe9e3d24d6fbfc3c897233e426303d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in odyssey-storybook (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ce9d73f12a7c3aaf67cec3e8f097a12ee60fd024262c709adc6a096289c9c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50986
CVE-2024-50986 affects Clementine v1.3.1 and is exploitable via a local DLL hijacking vector on Windows. A concrete PoC from a GitHub exploit shows that placing a crafted QUSEREX.DLL in C:\Users\AppData\Local\Microsoft\WindowsApps allows Clementine to load the malicious DLL at startup, enabling a...
CVE-2024-51141
CVE-2024-51141 affects TOTOLINK Bluetooth Wireless Adapter A600UB. The issue is tied to WifiAutoInstallDriver.exe and MSASN1.dll, with root cause described as incorrect integrity value checking in MSASN1.dll within the WifiAutoInstallDriver.exe file, enabling a local attacker to execute arbitrary...
Adobe Substance 3D Painter Buffer Overflow Vulnerability (CNVD-2024-48221)
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. A security vulnerability exists in Adobe Substance 3D Painter version 10.1.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance 3D Painter Untrusted Search Path Vulnerability
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. A security vulnerability exists in Adobe Substance 3D Painter, which can be exploited by attackers to execute arbitrary code...
CVE-2024-10397
A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code...
CVE-2024-10397
CVE-2024-10397 affects OpenAFS. According to Debian and related advisories, a malicious server can crash the OpenAFS cache manager and other client utilities and potentially execute arbitrary code. Debian and Mageia advisories link this and related CVEs (CVE-2024-10394, CVE-2024-10396) to OpenAF...
PT-2024-37362 · Rockwell Automation · Arena
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Input Analyzer (affected versions not specified). Description: A memory corruption issue exists when parsing DFT files, allowing local threat actors to disclose information and execute arbitrary code by opening a...
CVE-2024-50839
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/addsubject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subjectcode and title parameters...
An out-of-bounds read in the execute_filter_audio function in archive_read_support_format_rar.c of the Libarchive library allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the execute_filter_audio function in the archive_read_support_format_rar.c component of the Libarchive library relates to reading data beyond the allowable buffer limits. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, an...
Siemens SINEC INS Path Traversal Vulnerability (CNVD-2024-45208)
Siemens SINEC INS is software from Siemens (Germany) that provides centralized services for network infrastructures. A path traversal vulnerability exists in Siemens SINEC INS, which stems from not properly sanitizing user-supplied paths for SFTP-based file uploads and downloads, and can be...
CVE-2024-50956
A buffer overflow in the RecvSocketData function of Inovance HCPLCAM401-CPU1608TPTN 21.38.0.0, HCPLCAM402-CPU1608TPTN 41.38.0.0, and HCPLCAM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...
CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability
An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidim_awesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...
CVE-2024-43415
CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager (EPM) is an endpoint security management suite from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager that stems from a path traversal flaw. A remote, authenticated attacker with administrator privileges could explo...