639 matches found

CVE
added 2024/11/26 1:33 p.m., 290 views

CVE-2024-11697

The CVE-2024-11697 entry concerns Mozilla Firefox and Thunderbird and involves improper handling of keypresses in the Executable File Confirmation dialog. Affected versions are Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

CVSS 8.8, AI score 6.6, EPSS 0.00762
Exploits: 0, References: 6, Affected Software: 2

Mozilla
added 2024/11/26 12:0 a.m., 20 views

Security Vulnerabilities fixed in Thunderbird 128.5 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. An attacker could cause a select...

CVSS 9.8, AI score 7.5, EPSS 0.00833
Exploits: 0, References: 10, Affected Software: 1

CNNVD
added 2024/11/21 12:0 a.m., 1 views

Edgecross Basic Software Security Vulnerability

Edgecross Basic Software is a software platform used in the Edge Computing space from Edgecross, Inc. that provides a variety of features to support data utilization and processing. A security vulnerability exists in Edgecross Basic Software ECP-BS1-W 1.00 and prior versions, which stems from...

CVSS 7.8, AI score 6.7, EPSS 0.00156
Exploits: 0, References: 3

Tenable Nessus
added 2024/11/14 12:0 a.m., 12 views

Fedora 37 : php-Smarty (2022-d5fc9dcdd7)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d5fc9dcdd7 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...

CVSS 9.8, AI score 7.5, EPSS 0.82316
Exploits: 3, References: 6

Huntr
added 2024/11/09 4:40 a.m., 11 views

Remote Code Execution via Model Deserialization on /api/v2/models/install API

Summary I have identified a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This...

CVSS 9.8, AI score 10, EPSS 0.05342
Exploits: 5

Vulnrichment
added 2024/10/18 6:55 p.m., 10 views

CVE-2024-49361 Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution

ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...

CVSS 9.3, AI score 8.3, EPSS 0.00705
Exploits: 0, References: 1

CVE
added 2024/10/18 6:55 p.m., 38 views

CVE-2024-49361

CVE-2024-49361 concerns the ACON library (Adaptive Correlation Optimization Network) and describes an input-validation vulnerability that could allow remote code execution when processing user-supplied data. Multiple sources corroborate that an attacker could submit malicious input to bypass vali...

CVSS 9.3, AI score 7.8, EPSS 0.00705
Exploits: 0, References: 1

Positive Technologies
added 2024/09/20 12:0 a.m., 2 views

PT-2024-37863 · Moxa · Mxview One Series +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue occurs when an attacker exploits a race condition between the time a file is checked and the time it is used, known as a...

CVSS 6, AI score 7.4, EPSS 0.00266
Exploits: 0, References: 8

Veracode
added 2024/09/13 6:13 a.m., 9 views

Deserialization Attack

MindsDB is vulnerable to Deserialization Attack. The vulnerability is due to unsafe deserialization of untrusted data, where the system fails to properly validate or sanitize the data before processing it, allowing malicious code to be executed when interacting with the deserialized model...

CVSS 8.8, AI score 6.9, EPSS 0.0068
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2024/09/12 10:6 a.m., 7 views

Argument Injection

aws-sam-cli is vulnerable to Argument Injection. The vulnerability is due to the ability for users to specify arguments in the SAM template that are passed to the Docker engine during the build, potentially leading to malicious code execution...

AI score 7.2
Exploits: 0

Veracode
added 2024/09/05 11:41 a.m., 12 views

Signature Verification Bypass

github.com/projectdiscovery/nuclei is vulnerable to Signature Verification Bypass. The vulnerability is caused by a defect in Nuclei's template signature verification system, which allows an attacker to bypass the signature check and possibly execute malicious code via custom code template...

CVSS 7.8, AI score 7.1, EPSS 0.01118
Exploits: 0, References: 2, Affected Software: 1

OSSF Malicious Packages
added 2024/08/23 10:55 p.m., 7 views

Malicious code in python-project-wntliogu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 82bffbaa9f040ea19ff4e9fe678df68b1be71418f80fcd665ecc4f729512df19 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

AI score 7.5
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/07/26 4:53 p.m., 4 views

Malicious code in appsec-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c03052298655ba853abe857c8ebbdf21fbb59942800dd2e86aeffbd8ed2751bc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits: 0, References: 1

Cvelist
added 2024/07/25 12:0 a.m., 13 views

CVE-2024-41707

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...

CVSS 4.8, EPSS 0.00272
Exploits: 0, References: 2

NVD
added 2024/06/20 11:15 p.m., 30 views

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable...

CVSS 9, EPSS 0.00694
Exploits: 1, References: 3

CVE
added 2024/04/26 6:4 p.m., 258 views

CVE-2024-32884

The CVE-2024-32884 issue affects gitoxide’s gix-transport component. A crafted clone URL can bypass checking the username portion of the URL, allowing characters that the external SSH program would interpret as options, which can smuggle SSH options and, in a malicious context (e.g., with a malic...

CVSS 6.4, AI score 7.4, EPSS 0.00514
Exploits: 0, References: 2

Positive Technologies
added 2024/03/27 12:0 a.m., 5 views

PT-2024-23268 · Armember · Armember

Name of the Vulnerable Software and Affected Versions: ARMember versions n/a through 4.0.26 Description: The issue is related to the deserialization of untrusted data. This is a type of vulnerability where an application accepts data from an untrusted source and deserializes it, potentially...

CVSS 9.8, AI score 6.5, EPSS 0.00645
Exploits: 0, References: 6

Kaspersky
added 2024/03/27 12:0 a.m., 30 views

KLA65334 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in ANGLE can be exploited to...

CVSS 8.8, AI score 9.4, EPSS 0.19883
Exploits: 8, References: 6

OSV
added 2024/03/15 7:25 p.m., 4 views

CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

CVSS 7.4, AI score 7.3, EPSS 0.00411
Exploits: 0, References: 7

OSV
added 2024/02/06 10:16 p.m., 2 views

CVE-2023-45735

A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device...

CVSS 8, AI score 5.9, EPSS 0.00514
Exploits: 0, References: 1