659 matches found
PT-2024-40494 · Unknown · Forum Module
Name of the Vulnerable Software and Affected Versions: Forum module affected versions not specified Description: The issue allows malicious users, such as spammers, to create members and post to forums using GET requests, bypassing CSRF and anti-spam measures. Additionally, a forum moderator can ...
KLA67625 PE vulnerability in Microsoft Azure
An elevation of privilege vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2024-30060 Related products Microsoft-Azure CVE list CVE-2024-30060 critical KB list Solution Install necessary updates from the KB...
Drupal Anonymous Open Redirect
Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users int...
GHSA-X6V2-XMRQ-574J Drupal Anonymous Open Redirect
Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users int...
KLA67403 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability can be exploited remotel...
KLA67449 Multiple vulnerabilities in Git for Windows
Multiple vulnerabilities were found in Git for Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability can be exploited remotely to...
GHSA-3H7Q-RFH9-XM4V Synapse V2 state resolution weakness allows Denial of Service (DoS)
Impact A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database ...
UBUNTU-CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
KLA65691 SB vulnerability in Microsoft Browser
A security feature bypass vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2024-29991 Related products Microsoft-Edge CVE list CVE-2024-29991 warning KB list Solution Install necessary updates fro...
KLA65692 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...
Dell Client BIOS Out-Of-Bounds Write Vulnerability (DSA-2024-066)
The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by an Out-of-Bounds Write Vulnerability that could be exploited by malicious users to compromise the affected system. Note that Nessus has not tested for this issue but has instead relied only on the...
Information Leakage
matrix-appservice-irc is vulnerable to Information Leakage. The vulnerability is due to insufficient access checks when constructing a reply in MatrixHandler.ts, allowing malicious users to reply to events they shouldn't have access to...
KLA65530 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...
KLA65505 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof us...
KLA65509 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft OLE DB Driver for SQL Server can be exploited remotely to...
KLA65256 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Remote code execution vulnerability can be exploited remotely to execute arbitrary code. 2...
KLA65123 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of...
BIT-SILVERSTRIPE-2020-9311
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login usually CMS access can craft profile information which can lead to XSS for other users through specially crafted login form URLs...
BIT-GRAFANA-2023-2183
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...
KLA64772 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory access vulnerability in V8 can be exploited to cause denial of service. ...