1925 matches found
CVE-2024-21912
Rockwell Automation Arena Simulation Software (Arena Simulation) is affected by CVE-2024-21912 (out-of-bounds write / arbitrary code execution). The vulnerability arises from writing beyond designated memory, causing an access violation and allowing code execution when a user opens a malicious fi...
CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
CVE-2024-29203
TinyMCE contains a cross-site scripting (XSS) vulnerability in its content insertion code that can allow iframe elements to execute malicious scripts. The issue is mitigated by upgrading to TinyMCE v6.8.1 or newer; multiple advisories also note that patches and later versions (e.g., 7.0.0+) addre...
CVE-2024-29203
Removed by vendor...
Rockwell Automation Arena Simulation Software Buffer Error Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. An uninitialized pointer access vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attack...
CVE-2024-28593
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...
CVE-2023-27502
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2023-27502
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1376)
The remote host is missing an update for the Huawei EulerOS...
BIT-GITLAB-2021-22239
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item. Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquire...
AZL-35451 CVE-2024-26581 affecting package hyperv-daemons for versions less than 5.15.153.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc. rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active...
CVE-2024-0935
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024...
CVE-2024-0935 Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024...
glibc qsort() Out-Of-Bounds Read / Write Exploit
Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elemen...
CVE-2024-23791
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1...
RHEL 8 : curl (RHSA-2023:7540)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7540 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...
kernel: HID: check empty report_list in hid_validate_values()
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...
VulnCheck KEV: CVE-2024-23506
Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through = 0.1.0.9...
AZL-34879 CVE-2024-23850 affecting package kernel for versions less than 6.6.35.1-4
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation...