7680 matches found

RedHat Linux
added 2024/06/25 8:24 a.m. · 3 views

git: symlink bypass

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacti...

7.1 CVSS · 7.3 AI score · 0.00021 EPSS
Exploits: 1 · References: 5

RedhatCVE
added 2024/06/20 8:51 p.m. · 21 views

CVE-2023-46674

A flaw was found in elasticsearch-hadoop that allowed the unsafe deserialization of Java objects from Hadoop or spark configuration properties that could have been modified by authenticated users. Unsafe deserialization may impact integrity by allowing an attacker to modify unexpected objects or...

6 CVSS · 6.7 AI score · 0.00064 EPSS
Exploits: 0 · References: 3

Veracode
added 2024/06/18 5:18 a.m. · 14 views

Prototype Pollution

@akbr/update is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the objects prototype via update/index.js, potentially allowing attackers to alter application behavior or execute arbitrary code...

5.9 CVSS · 7.4 AI score · 0.00061 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/06/15 2:15 p.m. · 22 views

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3 CVSS · 0.00058 EPSS
Exploits: 0 · References: 3

CVE
added 2024/06/15 1:47 p.m. · 58 views

CVE-2024-31870

CVE-2024-31870 affects IBM Db2 for i versions 7.2–7.5. A vulnerability in a user defined table function allows a local authenticated attacker to enumerate user profiles without authority to related *USRPRF objects, enabling information disclosure about users. The CVSS base score is 3.3 (LOW) with...

3.3 CVSS · 3.5 AI score · 0.00058 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/06/15 1:47 p.m. · 28 views

CVE-2024-31870 IBM i information disclosure

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3 CVSS · 6 AI score · 0.00058 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/15 12:0 a.m. · 3 views

PT-2024-24258 · Ibm · Ibm Db2 For I

Name of the Vulnerable Software and Affected Versions: IBM Db2 for i versions 7.2 through 7.5 Description: The issue allows a local authenticated attacker to perform user enumeration without having authority to the related USRPRF objects. This can be used by a malicious actor to gather informatio...

3.3 CVSS · 6.4 AI score · 0.00058 EPSS
Exploits: 0 · References: 6

OSV
added 2024/06/12 4:15 p.m. · 0 views

CVE-2024-5759

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges...

6.3 CVSS · 5.8 AI score · 0.00639 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/06/12 4:0 p.m. · 23 views

CVE-2024-5759 Improper privilege management

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges...

5.4 CVSS · 0.00639 EPSS
Exploits: 0 · References: 1

CVE
added 2024/06/12 4:0 p.m. · 56 views

CVE-2024-5759

CVE-2024-5759 affects Tenable Security Center. It is an improper privilege management vulnerability where an authenticated, remote attacker could view unauthorized objects and initiate scans without the required privileges. The issue is addressed in Security Center 6.4.0 (upgrade to 6.4.0 or late...

6.3 CVSS · 6.3 AI score · 0.00639 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/12 12:0 a.m. · 2 views

Tenable Security Center Security Breach

Tenable Security Center is a security center from Tenable USA. A security vulnerability exists in Tenable Security Center versions prior to 6.4.0 that originates from a vulnerability that allows an authenticated, remote attacker to view unauthorized objects and initiate scans without the required...

6.3 CVSS · 6.7 AI score · 0.00639 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/12 12:0 a.m. · 3 views

PT-2024-37126 · Tenable · Tenable Security Center

Name of the Vulnerable Software and Affected Versions: Tenable Security Center affected versions not specified Description: An improper privilege management issue exists, allowing an authenticated, remote attacker to view unauthorized objects and launch scans without the required privileges...

6.3 CVSS · 6.7 AI score · 0.00639 EPSS
Exploits: 0 · References: 3

NCSC
added 2024/06/11 12:37 p.m. · 5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Bypassing authentication - Cross-Site...

8.1 CVSS · 6.4 AI score · 0.00628 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/06/11 12:0 a.m. · 2 views

SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

6 CVSS · 5.9 AI score · 0.00108 EPSS
Exploits: 0 · References: 5

NVD
added 2024/06/06 7:16 p.m. · 14 views

CVE-2024-5307

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target mus...

3.3 CVSS · 0.00222 EPSS
Exploits: 0 · References: 1

CVE
added 2024/06/06 6:19 p.m. · 60 views

CVE-2024-5307

CVE-2024-5307 affects Kofax Power PDF, specifically the AcroForm Annotation handling. The vulnerability is an out-of-bounds read that can disclose sensitive information from a vulnerable installation due to insufficient validation of user-supplied data in Annotation objects. User interaction is r...

3.3 CVSS · 3.3 AI score · 0.00222 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/06/06 5:54 p.m. · 18 views

CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8 CVSS · 7.8 AI score · 0.50542 EPSS
Exploits: 3 · References: 1

Vulnrichment
added 2024/06/06 2:38 a.m. · 10 views

CVE-2024-2017 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

5.4 CVSS · 6.5 AI score · 0.00238 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/06/06 12:0 a.m. · 5 views

PT-2024-36377 · Unknown +1 · Pytorch-Lightning +1

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.1 Description: A remote code execution issue exists due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to...

9.8 CVSS · 9.6 AI score · 0.50542 EPSS
Exploits: 3 · References: 16

OSV
added 2024/06/05 8:47 p.m. · 9 views

GHSA-M2HP-5X78-74MG Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

7.3 AI score
Exploits: 0 · References: 3