15122 matches found

CVE
added 2024/09/10 8:1 a.m. | 55 views

CVE-2024-6596

CVE-2024-6596 concerns Endress+Hauser products (notably Echo Curve Viewer and related Curve functionality). The connected sources describe an unauthenticated remote attacker who can run malicious C# code contained in curve files and thereby execute commands in the user’s context, enabling remote ...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.00749
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2024/09/10 12:0 a.m. | 2 views

SAP NetWeaver Application Server Security Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from a program that allows a user with elevated privileges to execute a program that displays data over the network...

CVSS: 2.7 | AI score: 6.8 | EPSS: 0.00086
Exploits: 0 | References: 4
Cvelist
added 2024/09/10 12:0 a.m. | 20 views

CVE-2024-44871

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file...

EPSS: 0.29416
Exploits: 4 | References: 2
Kaspersky
added 2024/09/10 12:0 a.m. | 26 views

KLA73221 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Azure CycleCloud can be exploited remotely to execute...

CVSS: 9.9 | AI score: 8.3 | EPSS: 0.01454
Exploits: 0 | References: 9
Tenable Nessus
added 2024/09/10 12:0 a.m. | 34 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.67994
Exploits: 13 | References: 119
Zero Day Initiative
added 2024/09/09 12:0 a.m. | 12 views

Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS: 3.3 | AI score: 6 | EPSS: 0.00044
Exploits: 0 | References: 1
OSV
added 2024/09/07 8:15 a.m. | 5 views

PYSEC-2024-266

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.01625
Exploits: 0 | References: 4
OSV
added 2024/09/06 5:15 p.m. | 1 views

CVE-2022-27592

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following...

CVSS: 6.7 | AI score: 5.9 | EPSS: 0.00051
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/06 4:27 p.m. | 17 views

CVE-2024-32763 QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.00686
Exploits: 0 | References: 1
CVE
added 2024/09/06 4:27 p.m. | 77 views

CVE-2024-32763

CVE-2024-32763 affects QNAP QTS and QuTS hero. A buffer copy without input size checking can let an authenticated user execute code over the network. Affected products include QTS and QuTS hero, with fixes released in QTS 5.1.8.2823 build 20240712 and later, and QuTS hero h5.1.8.2823 build 202407...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00686
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2024/09/06 12:0 a.m. | 21 views

Ubuntu: Security Advisory (USN-6992-1)

The remote host is missing an update for the...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.11622
Exploits: 1 | References: 2
Positive Technologies
added 2024/09/05 12:0 a.m. | 2 views

PT-2024-37491 · Malwarebytes · Malwarebytes Antimalware

Name of the Vulnerable Software and Affected Versions: Malwarebytes Antimalware (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00197
Exploits: 0 | References: 6
IBM Security Bulletins
added 2024/09/04 3:22 p.m. | 37 views

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131, CVE-2024-29133)

Summary: There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-29131. DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...

CVSS: 7.3 | AI score: 7.5 | EPSS: 0.00997
Exploits: 0 | Affected Software: 1
NVD
added 2024/09/04 6:15 a.m. | 12 views

CVE-2024-34657

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code...

CVSS: 9.8 | EPSS: 0.02966
Exploits: 0 | References: 1
CVE
added 2024/09/04 5:32 a.m. | 57 views

CVE-2024-34660

Samsung Notes contains a heap-based out-of-bounds write vulnerability in versions prior to 4.4.21.62, enabling a local attacker with low privileges to potentially execute arbitrary code on the affected device. The issue is confirmed across multiple sources; the impact is described as arbitrary co...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00097
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2024/09/04 12:0 a.m. | 3 views

PT-2024-31420 · Ibm · Webmethods Integration

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration version 10.15. Description: The issue allows an authenticated user to upload and execute arbitrary files, which could be executed on the underlying operating system. This flaw enables attackers to execute arbitrary...

CVSS: 9.9 | AI score: 7.3 | EPSS: 0.00192
Exploits: 0 | References: 25
CVE
added 2024/09/03 12:0 a.m. | 45 views

CVE-2024-44920

CVE-2024-44920 is a documented cross-site scripting (XSS) vulnerability in SeaCMS v12.9, affecting the component admin_collect_news.php. The vulnerability can be triggered by injecting a crafted payload into the siteurl parameter, enabling attackers to execute arbitra...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00286
Exploits: 1 | References: 1 | Affected Software: 1
Kaspersky
added 2024/09/03 12:0 a.m. | 16 views

KLA73124 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attacks, cause denial of service, bypass security restrictions, and spoof the user interface. Below is a complete list of vulnerabilities: 1...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.11622
Exploits: 1 | References: 3
OSV
added 2024/09/02 5:15 a.m. | 3 views

CVE-2024-43775

SQL injection in the search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00457
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/02 12:0 a.m. | 11 views

CVE-2024-45623

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server httpd. NOTE: This vulnerability only affects products that are no longer supported by t...

AI score: 8.4 | EPSS: 0.0118
Exploits: 0 | References: 1