BMC Control-M Security Vulnerability
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.20 and 9.0.21, which stems from a vulnerability that allows dynamic link libraries (DLLs) to be loaded...
PT-2024-15217
Name of the Vulnerable Software and Affected Versions: BackWPup WordPress plugin versions prior to 4.0.4. Description: The issue allows unauthenticated attackers to download backups of a site's database due to the lack of prevention of Directory Listing in the temporary backup folder. This exposes...
CVE-2024-26185
Windows Compressed Folder Tampering Vulnerability...
Design/Logic Flaw
Windows Compressed Folder Tampering Vulnerability...
CVE-2024-26185 Windows Compressed Folder Tampering Vulnerability
...
CVE-2024-26185
CVE-2024-26185 is the Windows Compressed Folder Tampering vulnerability. Supported data in connected sources notes that Windows 11 (22H2/23H2) systems are affected, with impact described as data manipulation. The issue is covered in Microsoft KB5035853 and appears among multiple vulnerabilities p...
Windows Compressed Folder Tampering Vulnerability
...
PT-2024-2252 · Microsoft · Windows Compressed Folder +1
Name of the Vulnerable Software and Affected Versions: Windows Compressed Folder (affected versions not specified). Description: The issue is related to insufficient input validation in the Windows Compressed Folder component, which can be exploited by creating a specially crafted file. This allows ...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, remote code execution, user rights...
PT-2024-19066 · Unknown · Skysea Client View
Name of the Vulnerable Software and Affected Versions: SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. Description: An improper access control vulnerability exists in a specific folder of the software. This vulnerability can be exploited by a user who can log in to the PC where the...
Microsoft Windows Compressed Folder Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in the Microsoft Windows Compressed Folder. The following products and versions are affected: Windows 11 Version 22H2 for ARM64-based Systems, Windows 11...
Debian dla-3759 : qemu - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3759 advisory. Debian LTS Advisory DLA-3759-1...
SUSE CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...
BIT-MOODLE-2023-30943 Moodle: tinymce loaders susceptible to arbitrary folder creation
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
BIT-GHOST-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
electron-builder security vulnerability
electron-builder is a tool for packaging and building ready-to-distribute Electron, Proton Native applications for macOS, Windows, and Linux with out-of-the-box "auto-update" support. A security vulnerability exists in electron-builder prior to version 24.13.2, which stems from the fact that if a...
Mozilla Thunderbird < 115.8.1
The version of Thunderbird installed on the remote Windows host is prior to 115.8.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-11 advisory. - The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email messa...
Vulnerability fixed in Mozilla Thunderbird
Mozilla has fixed a vulnerability in Thunderbird. Due to a flaw in the processing of email messages in the local cache, the encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such an infected email message, for...
CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...