CVE-2024-21235
CVE-2024-21235 affects Oracle Java SE Hotspot and related GraalVM/Enterprise packages across multiple Oracle Java SE versions (8u421, 11.0.24, 17.0.12, 21.0.4, 23; and GraalVM/JDK variants). Affected components include Hotspot, Serialization, 2D, Networking, and Concurrency, with unauthenticated ...
CVE-2024-21204
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Power Platform Information Disclosure Vulnerability
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...
PT-2024-9760
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u421 through 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23 Description: The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, resulting in unauthorized...
CVE-2024-47490
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause increased consumption of resources, ultimately resulting in a...
CVE-2024-45397
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
CVE-2024-45397 H2O allows bypassing address-based access control with 0-RTT
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
CVE-2024-43610
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector...
CVE-2024-43610
CVE-2024-43610 concerns an information disclosure in Microsoft Copilot Studio. The connected PT-2024-7988 entry identifies Copilot Studio as the affected software and states that the vulnerability involves exposure of sensitive information to unauthorized actors via a network attack vector, explo...
CVE-2024-43488
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through a network attack vector...
CVE-2024-43488
CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...
Copilot Studio Information Disclosure Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector...
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through a network attack vector...
AZL-49716 CVE-2024-38796 affecting package edk2 for versions less than 20230301gitf80f052277c8-42
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
QNAP Systems QTS and QuTS hero operating system command injection vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices (NAS), which ...
PT-2024-14095 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.6.2722 build 20240402 QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414 Description: A NULL pointer dereference issue has been reported to affect several QNAP operating system versions. If exploited, t...
Memory corruption vulnerabilities in Suricata and FreeRDP
As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release...
CVE-2024-5209
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted...
PT-2024-7988 · Microsoft · Copilot Studio
Name of the Vulnerable Software and Affected Versions: Microsoft Copilot Studio affected versions not specified Description: The issue is related to the exposure of sensitive information to unauthorized actors in Microsoft Copilot Studio. This allows an unauthenticated attacker to view sensitive...
TOTOLINK CP450 cstecgi.cgi file loginauth function buffer overflow vulnerability
TOTOLINK CP450 is a wireless bridge manufactured by China Gion Electronics TOTOLINK. The TOTOLINK CP450 suffers from a buffer overflow vulnerability that originates in the file /cgi-bin/cstecgi.cgi related to improper handling of the parameter httphos by the loginauth function. An attacker can...