CVE-2024-39840
Factorio before 1.1.101 is affected. A crafted server map can trigger arbitrary code execution on clients by abusing certain Lua base module functions to execute bytecode and create fake objects. Affected component: Factorio server/client interaction via custom maps; root cause: Lua base module f...
PT-2024-13029 · IBM · IBM Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.1 and 6.2. Description: The issue arises from the software not restricting or incorrectly restricting frame objects or UI layers that belong to another application or domain. This can lea...
CVE-2024-39669
The CVE-2024-39669 issue affects Soffid IAM Console prior to 3.5.39 (and related releases per advisories), caused by insufficient checks on certain Java objects. The underlying flaw allows a malicious actor to potentially execute arbitrary code in the Sync Server, leading to a security compromise...
CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...
PT-2024-28608 · Soffid · Soffid IAM
Name of the Vulnerable Software and Affected Versions: Soffid IAM versions prior to 3.5.39. Description: The issue arises from insufficient checks applied to certain Java objects in the Console component of Soffid IAM. This could allow a malicious agent to execute arbitrary code in the Sync Server...
Security Bulletin: IBM Sterling B2B Integrator Standard Edition does not correctly restrict frame objects
Summary: IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details: CVEID: CVE-2023-42011...
MAL-2024-2660 Malicious code in mf-seller-xp-commons-objects (npm)
False positive caused by problematic ingestion.
git: symlink bypass
A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacti...
CVE-2023-46674
A flaw was found in elasticsearch-hadoop that allowed the unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could have been modified by authenticated users. Unsafe deserialization may impact integrity by allowing an attacker to modify unexpected objects or...
Prototype Pollution
@akbr/update is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the object's prototype via update/index.js, potentially allowing attackers to alter application behavior or execute arbitrary code...
CVE-2024-31870
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies a user defined table function that is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...
CVE-2024-31870
CVE-2024-31870 affects IBM Db2 for i versions 7.2–7.5. A vulnerability in a user defined table function allows a local authenticated attacker to enumerate user profiles without authority to related *USRPRF objects, enabling information disclosure about users. The CVSS base score is 3.3 (LOW) with...
CVE-2024-31870 IBM i information disclosure
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies a user defined table function that is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...
PT-2024-24258 · IBM · IBM Db2 for i
Name of the Vulnerable Software and Affected Versions: IBM Db2 for i versions 7.2 through 7.5. Description: The issue allows a local authenticated attacker to perform user enumeration without having authority to the related USRPRF objects. This can be used by a malicious actor to gather informatio...
CVE-2024-5759
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges...
CVE-2024-5759 Improper privilege management
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges...
CVE-2024-5759
CVE-2024-5759 affects Tenable Security Center. It is an improper privilege management vulnerability where an authenticated, remote attacker could view unauthorized objects and initiate scans without the required privileges. The issue is addressed in Security Center 6.4.0 (upgrade to 6.4.0 or late...
Tenable Security Center Security Breach
Tenable Security Center is a security center from Tenable, USA. A vulnerability in Tenable Security Center versions prior to 6.4.0 allows an authenticated, remote attacker to view unauthorized objects and initiate scans without the required...
PT-2024-37126 · Tenable · Tenable Security Center
Name of the Vulnerable Software and Affected Versions: Tenable Security Center, affected versions not specified. Description: An improper privilege management issue exists, allowing an authenticated, remote attacker to view unauthorized objects and launch scans without the required privileges...