CVE-2024-6287 Incorrect Address Range Calculations

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite ...

CVE-2024-6287

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite ...

(Pwn2Own) Ubiquiti Networks EV Station EVCLauncher Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Ubiquiti Networks EV Station. User interaction is not required to exploit this vulnerability. The specific flaw exists within the EVCLauncher application. The...

CVE-2024-34086

A vulnerability has been identified in JT2Go All versions V2312.0001, Teamcenter Visualization V14.1 All versions V14.1.0.13, Teamcenter Visualization V14.2 All versions V14.2.0.10, Teamcenter Visualization V14.3 All versions V14.3.0.7, Teamcenter Visualization V2312 All versions V2312.0001. The...

CVE-2023-41970

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62...

CVE-2024-23461

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...

CVE-2024-23461

CVE-2024-23461 affects Zscaler Client Connector on macOS prior to 3.4. The issue is an improper validation of integrity check values during the upgrade process, which may allow local code execution. Affected product: Zscaler Client Connector for macOS (pre-3.4). Impact per provided details: local...

CVE-2024-23461 ZCC macOS Upgrade ZIP Bomb DoS

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...

CVE-2023-41970 Repair App local code execution with arbitrary privileges

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62...

CVE-2023-41970

CVE-2023-41970 affects Zscaler Client Connector on Windows prior to 4.1.0.62. The issue is an improper validation of an Integrity Check Value during the Repair App functionality, which may allow local code execution with elevated privileges. Impact and exploit details are described in connected s...

CVE-2024-4031 MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability

Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code...

CVE-2024-21803 Possible UAF in bt_accept_poll in Linux kernel

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

CVE-2024-21803 Possible UAF in bt_accept_poll in Linux kernel

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

TikTok: Stored-XSS-ads.tiktok.com

A stored cross-site scripting XSS vulnerability was found on a TikTok Ads endpoint, allowing MP4 video files or files with HTML or JS code to be executed in a user's browser...

Adobe After Effects 安全漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects versions...

Dell SupportAssist Multiple Vulnerabilities (DSA-2022-139)

According to its self-reported version number, the version of Dell SupportAssist Client is affected by multiple vulnerabilities. - Dell SupportAssist Client Consumer versions 3.10.4 and versions prior and Dell SupportAssist Client Commercial versions 3.1.1 and versions prior contain an arbitrary...

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unrestricted Upload of File with Dangerous Type (CVE-2017-9650)

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu,...

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

Input validation

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability (CNVD-2023-29373)

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...