CVE-2024-42333

CVE-2024-42333 is confirmed in multiple advisories as a memory leak caused by an out-of-bounds read in zabbix server code (src/libs/zbxmedia/email.c). The vulnerability affects Zabbix deployments and has been addressed in multiple distributions: Fedora 40 update to zabbix 6.0.36; Debian bullseye ...

CVE-2024-53102

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-7236

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-8805

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within...

CVE-2024-7236

CVE-2024-7236 affects AVG AntiVirus Free (icarus). The vulnerability is in the AVG Installer: an attacker who can run low-privilege code locally can abuse the updater by creating a symbolic link to create a file, enabling a persistent DoS condition. This is a local-privilege, file-creation DoS ve...

CVE-2024-7236 AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-7236 AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...

CUPS IPP Attributes LAN Remote Code Execution

class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Exploit::Remote::DNS::Common include Exploit::Remote::SocketServer include Msf::Exploit::Remote::HttpServer::HTML Accessor for IPP HTTP service attraccessor :service2 MULTICASTADDR = '224.0.0.251' Define IPP constants module...

CVE-2024-50849

A Stored Cross-Site Scripting XSS vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code...

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

PYSEC-2024-123

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240

The CVE-2024-1240 entry applies to pyload/pyload 0.5.0, where the login flow mishandles the next parameter, enabling an open redirect to attacker-controlled sites (phishing risk). The issue is mitigated by upgrading to pyload-ng 0.5.0b3.dev79 or later. Connected documents confirm the vulnerable c...

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-48974

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-11127

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

CVE-2024-50557

CVE-2024-50557 affects Siemens SCALANCE M-800 family, RUGGEDCOM RM1224 LTE, and related devices. The issue is due to insufficient input validation in the configuration fields of the iperf functionality, allowing an unauthenticated remote attacker to execute arbitrary code on affected devices. Aff...

Citrix Systems NetScaler Gateway和NetScaler ADC 安全漏洞

Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...