SUSE-SU-2024:4050-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.4.3: fixed: Folder corruption could cause Thunderbird to freeze and become unusable; fixed: Message corruption could be propagated when reading mbox; fixed: Folder compaction was not abandoned on shutdown; fixed:...
CVE-2024-7245
Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the targ...
CVE-2024-7233
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...
CVE-2024-7237
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...
CVE-2024-7232
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...
Zimbra Collaboration Server 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...
CVE-2024-45511
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...
CVE-2024-45511
CVE-2024-45511 affects Zimbra Collaboration (ZCS) up to 10.1, via the Briefcase module. The root cause is improper sanitization of file contents by the OnlyOffice formatter, allowing a crafted URL to a shared folder containing a malicious file to execute arbitrary JavaScript in the victim’s sessi...
PT-2024-8475 · Kubernetes +1 · Kubernetes Kubelet +2
Name of the Vulnerable Software and Affected Versions: Kubernetes kubelet versions through 1.28.11; Kubernetes kubelet versions from 1.29.0 through 1.29.6; Kubernetes kubelet versions from 1.30.0 through 1.30.2. Description: The issue allows arbitrary command execution via specially crafted gitRepo...
CVE-2024-50804
MSI Center Pro 2.1.37.0 contains an insecure permissions vulnerability that permits a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file located in C:\ProgramData\MSI\One Dragon Center\Data. Affected component: MSI Center Pro; root cause: improper access control on a da...
CVE-2024-52513 Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to...
User can copy a folder that contains files that are blocked by the files access control
None...
Landray EKP Path Traversal Vulnerability
Landray EKP is an office automation solution from China's Landray Corporation that enables companies to easily model and manage their business. A path traversal vulnerability exists in Landray EKP V16.0 and earlier versions, which stems from the parameter folder in the file...
CVE-2024-46463
CVE-2024-46463 concerns PRIMX ORIZON for Windows (up to version 2024.3). By default, dedicated folders can be accessed by other users, enabling misuse of technical files and higher-privilege task execution. The underlying issue is access control on ORIZON folders; remediation is to modify the con...
ZONEPOINT Security Vulnerability
PRIMX ZONEPOINT is a secure encrypted messaging program from PRIMX Corporation. A security vulnerability exists in ZONEPOINT 2024.1 and earlier versions, which stems from the fact that a dedicated folder can be accessed by other users by default, allowing them to misuse technical files and perfor...
PRIMX ORIZON Security Vulnerability
PRIMX ORIZON is a multi-platform software from PRIMX Corporation that encrypts files and folders stored at a cloud service provider. A security vulnerability exists in PRIMX ORIZON version 2024.3 and earlier, which stems from the fact that by default dedicated folders can be accessed by other use...
CVE-2024-46465
CRYHOD for Windows (versions up to 2024.3) contains a local access issue: by default, dedicated folders are accessible by other users, enabling misuse of technical files and execution of tasks with higher privileges. Root cause: default folder permissions allow unauthorized access. Impact: potent...
PRIMX ZONECENTRAL Security Vulnerability
PRIMX ZONECENTRAL is an application from PRIMX, Inc. that uses encryption to provide confidentiality services that apply to all documents in an organization. A security vulnerability exists in PRIMX ZONECENTRAL version 2024.3 and earlier and Q.2021.2 and earlier, which stems from the fact that a...
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override...