4202 matches found
Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-38465)
The Electronic Document Security Management System is a controlled-authorization system for securely sharing and managing electronic documents. It uses real-time dynamic encryption and decryption protection technology and a real-time rights recovery mechanism to provide all kinds of electronic documents...
Code execution vulnerability in multiple Mozilla products (CNVD-2024-46833)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device. The specific flaw exists within the...
CVE-2024-42489
CVE-2024-42489 affects Pro Macros (XWiki rendering macros). The vulnerability is due to missing escaping in the Viewpdf macro (and similar macros like Viewppt), enabling remote code execution for users with view/edit/comment rights on affected pages. Root cause: missing escaping on CKEditor.HTML...
Command Execution Vulnerability in MetaCRM6 Customer Relationship Management System of Beijing Meta Software Technology Co.
Beijing Metsoft Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the MetaCRM6 customer relationship management system of Beijing Meta Software Technology Co. Ltd, which can be...
Siemens Omnivise T3000 Application Server Code Execution Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is a full-scenario distributed operating system based on a microkernel. Huawei EMUI and Huaw...
CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
Dell Peripheral Manager Uncontrolled Search Path Element Vulnerability (CNVD-2024-34485)
Dell Peripheral Manager is an application from Dell USA. It provides on-screen instructions on how to pair other devices with your computer via Bluetooth. An uncontrolled search path element vulnerability exists in Dell Peripheral Manager versions prior to 1.7.6, which can be exploited by an...
Dell Inventory Collector Path Traversal Vulnerability
Dell Inventory Collector is a driver from Dell USA. A path traversal vulnerability exists in Dell Inventory Collector versions prior to 12.3.0.6, which can be exploited by a locally authenticated attacker to execute arbitrary code on the system...
Command Execution Vulnerability in Tianrongxin Internet Behavior Management System of Beijing Tianrongxin Technology Co. Ltd (CNVD-2024-37302)
Beijing Tianrongxin Technology Co., Ltd. is a solution provider of information security products and services in China. The Tianrongxin Internet behavior management system of Beijing Tianrongxin Technology Co., Ltd. has a command execution vulnerability that can be exploited by attackers to gain control ...
Apple macOS ramrod arbitrary argv[0] execution vulnerability
Talos Vulnerability Report TALOS-2024-2010: Apple macOS ramrod arbitrary argv[0] execution vulnerability. July 30, 2024. CVE Number: CVE-2024-40800. Summary: An arbitrary argv[0] execution vulnerability exists in the ramrod binary of Apple macOS version 14.5 23F79 x86_64. An attacker can inject an arbitrary...
Google Chrome Code Execution Vulnerability (CNVD-2024-34498)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from a use-after-free in Tabs, which can be exploited by an attacker to execute arbitrary code on the system...
Google Chrome Code Execution Vulnerability (CNVD-2024-33612)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from a use-after-free in Dawn. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Command Execution Vulnerability in Multiple Products of FanSoft Software Co.
Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A command execution vulnerability exists in multiple products of SailSoft Software Limited, which can be exploited by attackers to gain control of a server...
CVE-2024-26020
CVE-2024-26020: The vulnerability affects Ankitects Anki 24.04, where the MPV functionality in flashcards processes user-supplied content and can trigger arbitrary code execution via a crafted flashcard. Multiple connected sources corroborate exploitation potential and assign high/critical impac...
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Broadcom Symantec Privileged Access Management Command Execution Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
Triangle MicroWorks SCADA Data Gateway Arbitrary File Write Vulnerability
Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. Triangle MicroWorks SCADA Data Gateway suffers from an arbitrary file write vulnerability that can be exploited by an attacker to write arbitrary files and execute arbitrary code...
PDF-XChange Editor Out-of-Bounds Write Vulnerability (CNVD-2024-33589)
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. PDF-XChange Editor suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code...