CVE-2024-8576

The CVE-2024-8576 issue affects TOTOLINK AC1200 T8/T10 (versions 4.1.5cu.861_B20230220–4.1.8cu.5207) where an input in the setIpPortFilterRules function (/cgi-bin/cstecgi.cgi) allows manipulation of the desc parameter to cause a buffer overflow. This enables a remote attacker to potentially corru...

FreeBSD : firefox -- Potential memory corruption and exploitable crash (7ade3c38-6d1f-11ef-ae11-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ade3c38-6d1f-11ef-ae11-b42e991fc52e advisory. [email protected] reports: An error in the ECMA-262 specification relating to Async Generators could...

CVE-2024-7652

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128...

CVE-2024-7652

CVE-2024-7652 involves a type confusion in the ECMA-262 Async Generators path that could lead to memory corruption and an exploitable crash. Affected products include Firefox and Thunderbird releases prior to 128 (Firefox <128, ESR <115.13; Thunderbird <115.13 and

CVE-2024-8394

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird 128.2...

firefox -- Potential memory corruption and exploitable crash

[email protected] reports: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)

Summary IBM Security QRadar EDR Software includes a vulnerable component e.g., framework library that could be identified and exploited with automated tools. This has been addressed in an update. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker...

CVE-2024-8385

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2...

CVE-2024-8381

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability affects Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15, Thunderbird 128.2, and Thunderbird 115.15...

CVE-2024-8385

CVE-2024-8385 is a WASM type confusion vulnerability caused by how StructFields and ArrayTypes are handled. Affects Firefox (versions before 130) and Firefox ESR (before 128.2) and Thunderbird (before 128.2). Exploitation could lead to high-impact outcomes per the CVE. Remediation in the public d...

LOYTEC Electronics LINX Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : LOYTEC electronics GmbH Equipment : LINX series Vulnerabilities : Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function,...

firefox -- multiple vulnerabilities

[email protected] reports: This entry contains 8 vulnerabilities: CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. CVE-2024-8382: Internal browser event interfaces were exposed to web...

K000140910: MySQL Server vulnerability CVE-2024-21177

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner', 'Description' = %q This module is based on et's HTTP Directory Scanner module, with...

Elasticsearch Memory Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Elasticsearch Memory Disclosure', 'Description' = %q This module exploits a memory disclosure vulnerability in Elasticsearch 7.10.0 to 7.13.3...

Dell OpenManage POST Request Heap Overflow (win32)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dell OpenManage POST Request Heap Overflow win32', 'Description' = %q This module exploits a heap overflow in the Dell OpenManage Web Server...

PT-2024-38836 · Code Projects · Code-Projects Pharmacy Management System

Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue affects the processing of the file "/index.php?action=editPharmacist". The manipulation of the id argument leads to SQL injection. The attack may be initiated...

Rockwell Automation Emulate3D

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION : Exploitable locally Vendor : Rockwell Automation Equipment : Emulate3D Vulnerability : Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

GO-2022-0418 Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs

Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs...

CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...