Kofax Power PDF Heap Buffer Overflow Remote Code Execution Vulnerability

Kofax Power PDF is a professional PDF editing and management software from Kofax. Kofax Power PDF suffers from a heap buffer overflow remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code...

Microsoft Windows Secure Boot 安全漏洞

Microsoft Windows Secure Boot is a secure boot from Microsoft USA. A security feature bypass vulnerability exists in Microsoft Windows Secure Boot, which can be exploited by attackers to bypass security features...

CVE-2024-36305

CVE-2024-36305 concerns a local privilege-escalation in Trend Micro Apex One (on-premise/Apex One as a service) via a security agent link following vulnerability. The issue enables a local attacker, who already has low-privilege code execution, to escalate privileges on affected installations. Th...

TYPO3 Cross-Site Scripting in Filelist Module

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...

CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service DOS condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

CVE-2024-30527

CVE-2024-30527 affects WordPress WP Express Checkout (Accept PayPal Payments) plugin up to version 2.3.7. An improper validation of the specified quantity in input allows manipulating hidden fields during checkout, enabling price manipulation. Mitigation: upgrade to a version later than 2.3.7 (pa...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. Attackers exploit the vulnerability to cause the kernel to crash...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. Attackers exploit the vulnerability to cause the kernel to crash...

RuvarOA id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /SysManage/sysblogtemplatenew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...

Debian dsa-5672 : openjdk-17-dbg - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5672 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.1.7)

The version of AOS installed on the remote host is prior to 6.7.1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.1.7 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

CVE-2024-1023 Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

CVE-2024-25063

Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to...

CVE-2024-22223

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svccbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with t...

IBM Java 7.1 < 7.1.5.21 / 8.0 < 8.0.8.20 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.1 7.1.5.21 / 8.0 8.0.8.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 16 2024 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...

CVE-2023-52092

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVE-2023-43089

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources...

Important: ecs-init

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...