Lucene search

2154 matches found

Cvelist
added 2024/07/08 10:27 a.m., 26 views

CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...

0.08922 EPSS
Exploits 0, References 3

Debian CVE
added 2024/07/08 10:27 a.m., 19 views

CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...

9.8 CVSS, 5.8 AI score, 0.08922 EPSS
Exploits 0

Cvelist
added 2024/07/08 10:20 a.m., 35 views

CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

0.09759 EPSS
Exploits 0, References 3

Vulnrichment
added 2024/07/08 10:20 a.m., 20 views

CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

6.8 AI score, 0.09759 EPSS
Exploits 0, References 3

CVE
added 2024/07/08 10:20 a.m., 71 views

CVE-2024-24974

CVE-2024-24974 affects OpenVPN 2.6.9 and earlier. The interactive service pipe can be accessed remotely, allowing a remote attacker to interact with the privileged OpenVPN interactive service. This is described across multiple sources (NVD entry for CVE-2024-24974 and Nessus/OpenVAS findings) as ...

7.5 CVSS, 6.6 AI score, 0.09759 EPSS
Exploits 0, References 3, Affected Software 1

Debian CVE
added 2024/07/08 10:20 a.m., 15 views

CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

7.5 CVSS, 5.7 AI score, 0.09759 EPSS
Exploits 0

Debian CVE
added 2024/07/08 10:14 a.m., 17 views

CVE-2024-27459

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges...

7.8 CVSS, 6.3 AI score, 0.0826 EPSS
Exploits 0

Fedora
added 2024/07/05 1:18 a.m., 14 views

[SECURITY] Fedora 39 Update: cockpit-320-1.fc39

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

3.2 CVSS, 6.9 AI score, 0.00266 EPSS
Exploits 0

OSV
added 2024/06/27 6:15 a.m., 1 views

CVE-2024-3111

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...

5.4 CVSS, 5.8 AI score, 0.00315 EPSS
Exploits 2, References 1

NVD
added 2024/06/27 6:15 a.m., 30 views

CVE-2024-3111

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...

7.1 CVSS, 0.00315 EPSS
Exploits 2, References 1

Cvelist
added 2024/06/27 6:0 a.m., 42 views

CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...

0.00315 EPSS
Exploits 2, References 1

CVE
added 2024/06/27 6:0 a.m., 62 views

CVE-2024-3111

CVE-2024-3111 affects Interactive Content (H5P) WordPress plugin pre-1.15.8. The issue: uploads are not validated, allowing Contributors and above to update SVG files, causing Stored XSS. Consequences are web-applicable on sites using affected plugin versions prior to 1.15.8. Remediation: upgrade...

7.1 CVSS, 5.5 AI score, 0.00315 EPSS
Exploits 2, References 1, Affected Software 1

NVD
added 2024/06/12 9:15 p.m., 24 views

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

7.8 CVSS, 0.00188 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/06/12 9:4 p.m., 12 views

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...

8.4 CVSS, 7.3 AI score, 0.00417 EPSS
Exploits 0, References 1

CVE
added 2024/06/12 9:4 p.m., 89 views

CVE-2024-3468

CVE-2024-3468 affects AVEVA PI Web API (versions 2023 and earlier). The vulnerability is Deserialization of Untrusted Data that could allow malicious code to execute in the PI Web API environment when an interactive user is socially engineered to use API XML import payloads. CVSS details indicate...

8.4 CVSS, 7.3 AI score, 0.00417 EPSS
Exploits 0, References 1

Cvelist
added 2024/06/12 9:4 p.m., 25 views

CVE-2024-3467 Deserialization of Untrusted Data in AVEVA PI Asset Framework Client

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

7 CVSS, 0.00188 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/06/12 9:4 p.m., 15 views

CVE-2024-3467 Deserialization of Untrusted Data in AVEVA PI Asset Framework Client

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

7 CVSS, 7.5 AI score, 0.00188 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/06/12 12:0 a.m., 16 views

RHEL 9 : cockpit (RHSA-2024:3843)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3843 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

7.3 CVSS, 7.1 AI score, 0.01181 EPSS
Exploits 0, References 5

CNNVD
added 2024/06/12 12:0 a.m., 17 views

OSIsoft PI Web API Code Issue Vulnerability

The Osisoft OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company Osisoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...

8.4 CVSS, 7.1 AI score, 0.00417 EPSS
Exploits 0, References 2

GithubExploit
added 2024/06/09 2:18 p.m., 443 views

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection XAMPP 💀 Featur...

9.8 CVSS, 10 AI score, 0.99987 EPSS
Exploits 64