15122 matches found
CVE-2024-4089
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges...
Lenovo Personal Cloud Storage Security Vulnerability
Lenovo Personal Cloud Storage is a personal cloud storage from the Chinese company Lenovo. A security vulnerability exists in Lenovo Personal Cloud Storage. A local attacker could exploit the vulnerability to elevate privileges and execute code...
Lenovo Service Framework Security Vulnerability
Lenovo Service Framework is a utility program from the Chinese company Lenovo. A security vulnerability exists in Lenovo Service Framework. A local attacker could exploit the vulnerability to elevate privileges and execute code...
Adobe Framemaker Code Issue Vulnerability (CNVD-2024-40916)
Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A code issue vulnerability exists in Adobe Framemaker. An attacker could exploit this vulnerability to execute...
CVE-2024-46088
CVE-2024-46088 affects Zhejiang University Entersoft Customer Resource Management System (v2002–v2024) via the ProductAction.entphone interface. The vulnerability is an arbitrary file upload that allows remote code execution. Root cause: improper file upload handling. Impact: potential full compr...
Lenovo Lock Screen Security Vulnerability
Lenovo Lock Screen is a lock screen application from the Chinese company Lenovo. A security vulnerability exists in Lenovo Lock Screen. A local attacker could exploit the vulnerability to elevate privileges and execute code...
CVE-2024-47965 Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...
CVE-2024-47963 Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...
AZL-50305 CVE-2024-48958 affecting package libarchive for versions less than 3.7.7-1
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
DEBIAN-CVE-2024-48958
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
AZL-50310 CVE-2024-48958 affecting package libarchive for versions less than 3.6.1-4
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
ALPINE-CVE-2024-48957
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
AZL-50315 CVE-2024-48957 affecting package libarchive for versions less than 3.6.1-4
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
libarchive Buffer Error Vulnerability
libarchive is an open-source multi-format archive and compression library. A security vulnerability exists in versions of libarchive prior to 3.7.5, which stems from execute_filter_audio in archive_read_support_format_rar.c that allows out-of-bounds access via a carefully crafted archive...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : libgsf vulnerabilities (USN-7062-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7062-1 advisory. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were...
K000141393: Containerd vulnerability CVE-2021-41103
Security Advisory Description: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux...
Fortinet Multiple Products Format String Vulnerability
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office components. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to tric...
CVE-2024-3506
CVE-2024-3506 corresponds to a buffer overflow in Milestone XProtect Device Pack camera drivers (Siveillance Video/XProtect Device Pack). Affected component is the camera driver within the Device Pack, with exploitation requiring access to an internal network and high attack complexity; CVSS show...
CVE-2024-41902
Siemens JT2Go is affected by a stack-based buffer overflow in the PDF parsing path for all versions prior to V2406.0003. The vulnerability could allow code execution in the context of the current process. The issue is triggered when handling specially crafted PDF files and is described in CVE-202...