CVE-2024-22068

CVE-2024-22068 describes an Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S, 2800-4, 3800-8, and 160 series on 64-bit systems, allowing a Functionality Bypass. Affected product versions are V4.00.10 and earlier. Root cause is improper privilege management enabling bypass of restr...

CVE-2024-9473

CVE-2024-9473 affects the Palo Alto Networks GlobalProtect App on Windows. The issue is a local privilege escalation via the MSI repair functionality used during installation, allowing a locally authenticated non-admin user to elevate to NT AUTHORITY/SYSTEM. Affected versions are GlobalProtect Ap...

October 8, 2024—KB5044280 (OS Build 22000.3260)

October 8, 2024—KB5044280 OS Build 22000.3260 Updated 10/08/24---END OF SERVICE NOTICE ---IMPORTANT All editions of Windows 11, version 21H2 are at end of service today, October 8, 2024. After today, these devices will not receive monthly security and non-security updates. These updates contain...

OSV-2024-1186 UNKNOWN READ in cfl_sds_len

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371659893 Crash type: UNKNOWN READ Crash state: cflsdslen unpackmetaopts cmtmpackunpackmap...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to bypass certain functionality. The following products and versions are affected: Windows 11 Versio...

Cross Site Scripting(XSS)

OpenC3 COSMOS is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to the login functionality, which allows an attacker to inject malicious scripts while sending commands to and receiving data from embedded systems...

U.S. Dept Of Defense: Time-based blind SQL injection

A time-based blind SQL injection vulnerability was discovered in the sortBy parameter of the web application's SearchDocs.aspx functionality. The vulnerability was identified by observing differences in the server's response time when specific payloads were used. This type of vulnerability could...

CVE-2024-7826

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7826

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7825

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7824

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7825 Type confusion that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7825 Type confusion that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7826

The connected PT-2024-38611 entry provides concrete details for Webroot SecureAnywhere - Web Shield: the vulnerability resides in wrURL.Dll modules and is an improper check for unusual or exceptional conditions. Affected are Web Shield versions prior to 2.1.2.3 across Windows, ARM, 64-bit, and 32...

CVE-2024-7826 Unhandled exception vulnerability that can cause the WRSA.exe service to crash and generate a crash dump

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

PT-2024-29302 · Veertu · Veertu Anka

Name of the Vulnerable Software and Affected Versions: Veertu Anka Build version 1.42.0 Description: A directory traversal vulnerability exists in the archive functionality of Veertu Anka. This vulnerability can be triggered by a specially crafted HTTP request, potentially leading to the disclosu...

PYSEC-2024-100

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...

CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...