4305 matches found

CNNVD
added 2024/05/14 12:0 a.m. · 3 views

Cloud customer service management platform security vulnerability

Cloud customer service management platform is an application. A security vulnerability exists in Cloud customer service management platform, which originates from the presence of a SQL injection vulnerability that could allow a local attacker to execute arbitrary code via a crafted payload...

CVSS 5.5 · AI score 8.2 · EPSS 0.01577
Exploits 0 · References 4

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

BlueRiSC WindowsSCOPE Cyber Forensics security vulnerability

BlueRiSC WindowsSCOPE Cyber Forensics is a GUI-based memory forensic capture and analysis toolkit from BlueRiSC. A security vulnerability exists in BlueRiSC WindowsSCOPE Cyber Forensics versions prior to 3.3 that originates from a vulnerability that could allow a local attacker to execute arbitra...

CVSS 7.8 · AI score 7.2 · EPSS 0.00409
Exploits 0 · References 2

Positive Technologies
added 2024/05/13 12:0 a.m. · 3 views

PT-2024-22931 · Bluerisc · Bluerisc Windowsscope Cyber Forensics

Name of the Vulnerable Software and Affected Versions: BlueRiSC WindowsSCOPE Cyber Forensics versions prior to 3.3 Description: The issue is related to an improper DACL being applied to the device created by the briscKernelDriver.sys driver, allowing a local attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.9 · EPSS 0.00409
Exploits 0 · References 2

OSV
added 2024/05/07 11:15 p.m. · 2 views

DEBIAN-CVE-2021-34981

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to...

CVSS 6.7 · AI score 6.8 · EPSS 0.002
Exploits 0 · References 1

OSV
added 2024/05/07 7:15 a.m. · 2 views

CVE-2024-3759

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free...

CVSS 7.8 · AI score 6.2
Exploits 0 · References 1

SUSE CVE
added 2024/05/04 2:23 a.m. · 2 views

SUSE CVE-2024-28562

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Imf22::copyIntoFrameBuffer component when reading images in EXR format...

CVSS 6.8 · AI score 7.7 · EPSS 0.00467
Exploits 1 · References 3

RedhatCVE
added 2024/05/03 5:54 p.m. · 27 views

CVE-2024-34062

A flaw was found in python-tqdm. When processing non-boolean command line arguments, python-tqdm uses python's eval function but fails to properly sanitize the input provided by the user. This flaw allows an attacker to trick a user into running python-tqdm with crafted command line arguments,...

CVSS 7.3 · AI score 4.9 · EPSS 0.00432
Exploits 0 · References 4

OSV
added 2024/05/02 6:30 p.m. · 8 views

GHSA-4Q63-MR2M-57HF kubevirt allows a local attacker to execute arbitrary code via a crafted command

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

CVSS 5.9 · AI score 6 · EPSS 0.00324
Exploits 0 · References 3

OSV
added 2024/05/02 6:15 p.m. · 4 views

AZL-64791 CVE-2024-33394 affecting package kubevirt for versions less than 1.5.0-2

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

CVSS 5.9 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 1

OSV
added 2024/05/02 1:23 p.m. · 4 views

CVE-2023-41970

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62...

CVSS 7.8 · AI score 5.8 · EPSS 0.0011
Exploits 0 · References 1

OSV
added 2024/05/02 1:23 p.m. · 5 views

CVE-2024-23461

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code. This issue affects Client Connector on MacOS: before 3.4...

CVSS 5.5 · AI score 5.8 · EPSS 0.0011
Exploits 0 · References 1

Cvelist
added 2024/05/02 1:11 p.m. · 17 views

CVE-2024-23461 ZCC macOS Upgrade ZIP Bomb DoS

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code. This issue affects Client Connector on MacOS: before 3.4...

CVSS 4.2 · AI score 5.1 · EPSS 0.0011
Exploits 0 · References 1

CNNVD
added 2024/05/02 12:0 a.m. · 3 views

karmada-io karmada security vulnerability

Karmada is a Kubernetes management system open-sourced by karmada-io. A security vulnerability exists in karmada-io karmada v1.9.0 and earlier versions, which stems from a vulnerability that allows a local attacker to execute arbitrary code via a crafted command...

CVSS 8.4 · AI score 8.1 · EPSS 0.00184
Exploits 0 · References 2

CNNVD
added 2024/05/02 12:0 a.m. · 4 views

Zscaler Client Connector security vulnerability

Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and comply with the organization's policies, even when not on the corporate network. A security...

CVSS 6 · AI score 7 · EPSS 0.0011
Exploits 0 · References 2

CVE
added 2024/05/02 12:0 a.m. · 54 views

CVE-2024-33396

CVE-2024-33396 affects karmada-io karmada up to v1.9.0. The issue allows a local attacker to execute arbitrary code by sending a crafted command to obtain the token component, enabling local privilege escalation. Affected versions are 1.9.0 and earlier; impact is local code execution with high se...

CVSS 8.4 · AI score 7.5 · EPSS 0.00184
Exploits 0 · References 1

Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-24534 · Carina · Carina

Name of the Vulnerable Software and Affected Versions: Carina versions 0.13.0 and earlier Description: An RBAC authorization risk allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster...

CVSS 6.9 · AI score 7.9 · EPSS 0.00228
Exploits 0 · References 8

Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-13023 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.1.0.62 Description: An Improper Validation of Integrity Check Value issue in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code...

CVSS 6 · AI score 7.5 · EPSS 0.0011
Exploits 0 · References 4

Positive Technologies
added 2024/05/02 12:0 a.m. · 5 views

PT-2024-25230 · Karmada · Karmada

Name of the Vulnerable Software and Affected Versions: karmada versions 1.9.0 and earlier Description: The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This is related to token handling and can be exploited for local privilege escalatio...

CVSS 8.4 · AI score 8.1 · EPSS 0.00184
Exploits 0 · References 9

Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-19884 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on MacOS versions prior to 3.4 Description: An issue with improper validation of integrity check values in the upgrade process may allow local execution of code. This issue is related to the Zscaler Client Connector o...

CVSS 4.2 · AI score 7.1 · EPSS 0.0011
Exploits 0 · References 4

CNNVD
added 2024/05/02 12:0 a.m. · 4 views

Zscaler Client Connector security vulnerability

Zscaler Client Connector is an application from zscaler. An application that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...

CVSS 4.2 · AI score 7 · EPSS 0.0011
Exploits 0 · References 2