Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
...
KB5034809: Windows Server 2008 R2 Security Update (February 2024)
The remote Windows host is missing security update 5034809. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
KB5034774: Windows 10 LTS 1507 Security Update (February 2024)
The remote Windows host is missing security update 5034774. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
KB5034819: Windows Server 2012 R2 Security Update (February 2024)
The remote Windows host is missing security update 5034819. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
PT-2024-1709 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions prior to the fixed version. Description: The vulnerability in Microsoft Outlook is related to insufficient validation of input data, allowing remote attackers to execute arbitrary code on the affected system. This...
PT-2024-1748 · Microsoft · Activex Data Objects
Name of the Vulnerable Software and Affected Versions: Microsoft ActiveX Data Objects, affected versions not specified. Description: The issue is related to insufficient input validation in the ActiveX Data Objects (ADO) interface, which can be exploited by a remote attacker to execute arbitrary code...
KB5034833: Windows Server 2008 Security Update (February 2024)
The remote Windows host is missing security update 5034833. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
KB5034830: Windows Server 2012 Security Update (February 2024)
The remote Windows host is missing security update 5034830. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
KB5034767: Windows 10 Version 1607 and Windows Server 2016 Security Update (February 2024)
The remote Windows host is missing security update 5034767. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
PT-2024-4514 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions 7.50. Description: The issue is related to the incorrect restriction of XML links to external objects in the Guided Procedures component of SAP NetWeaver AS for Java. This can be exploited by a remote attacker...
EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2024-1201)
According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable cras...
USN-6625-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang discovered...
Virtuozzo Hybrid Infrastructure 6.0 Update 1 Hotfix 1 (6.0.1-85)
This update provides stability and performance improvements. Vulnerability id: VSTOR-72592 Increased the speed of VM filtering in clusters with a huge number of existing projects. Vulnerability id: VSTOR-79462 Parts of a multipart object are not deleted. Vulnerability id: VSTOR-79650, VSTOR-80493...
Exploit for Code Injection in Ispyconnect Agent_Dvr
CVE-2024-22514: Remote Code Execution in Agent DVR Informa...
tomcat: improper cleaning of recycled objects could lead to information leak
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...
kernel: use after free in nft_immediate_deactivate
A use-after-free flaw was found in the Linux kernel's netfilter: nftables component, which can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate can unbind the chain and objects can be...
git: data exfiltration with maliciously crafted repository
A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects...
Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 6 (5.4.4-150)
This update provides stability and performance improvements. Vulnerability id: VSTOR-79658, VSTOR-80254 Reworked eligibility checks for third-party packages. Vulnerability id: VSTOR-79881 For S3 objects uploaded by using multipart upload, replacing one object with another with the same name may...
GHSA-JGXC-8MWQ-9XQW Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...