4571 matches found
PT-2024-9149 · Fuji Electric · Fuji Electric Tellus Lite V-Simulator 5
Name of the Vulnerable Software and Affected Versions: Fuji Electric Tellus Lite V-Simulator 5 version V8 Description: The issue is a remote code execution vulnerability that allows attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. This is due to a lack o...
CVE-2024-9632 affecting package xorg-x11-server-Xwayland for versions less than 24.1.1-3
CVE-2024-9632 affecting package xorg-x11-server-Xwayland for versions less than 24.1.1-3. A patched version of the package is available...
PT-2024-17174 · Enms · Enms
Name of the Vulnerable Software and Affected Versions: eNMS versions up to 4.2 Description: A critical issue has been found in the function multiselect filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched...
PT-2024-8789 · Dell · Dell Wyse Management Suite
Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions WMS 4.4 and prior Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which could be exploited by a high privileged attacker with remote access, leading to...
CVE-2024-21538 affecting package reaper for versions less than 3.1.1-15
CVE-2024-21538 affecting package reaper for versions less than 3.1.1-15. A patched version of the package is available...
PT-2024-17140 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A problematic issue has been found in the JWT Token Handler component, leading to the use of a default cryptographic key. The complexity of an attack is rather high, and exploitation is known ...
PT-2024-35725 · Totolink · Totolink A810R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5182 B20201026 Description: The issue is related to a Buffer Overflow in the infostat.cgi component. Recommendations: For TOTOLINK A810R version 4.1.2cu.5182 B20201026, consider restricting access to the...
PT-2024-17038 · Irfanview · Irfanview
Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...
PT-2024-22220 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...
CVE-2024-52581 Litestar allows unbounded resource consumption (DoS vulnerability)
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...
Oracle Linux 9 : mingw-glib2 (ELSA-2024-9442)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9442 advisory. - Fix CVEs: CVE-2024-34397 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...
PT-2024-9175 · Absysnet · Absysnet
Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1 Description: An IDOR Insecure Direct Object Reference vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released
Palo Alto Networks has released new indicators of compromise IoCs a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activit...
Vulnerability discovered in Fortinet FortiManager
UPDATE Public proof of concept PoC code for the vulnerability is available. It applies to FortiManager variants that have not yet been patched. Also, researchers have discovered that Fortinet's patch did not fix the full chain of exploitation. Thus, it is still possible to execute code on a patch...
Defense-in-Depth Security Updates for Microsoft SharePoint Server Subscription Edition (November 2024)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing defense-in-depth security updates to help improve security-related features. %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid211459;...
Oracle Linux 7 : giflib (ELSA-2024-12825)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12825 advisory. 4.1.6-9.0.1 - Fixes giflib CVE-2023-48161 issue Orabug: 37178930 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2024-46710 affecting package kernel for versions less than 6.6.57.1-1
CVE-2024-46710 affecting package kernel for versions less than 6.6.57.1-1. A patched version of the package is available...
PT-2024-26492 · Unknown · Vmir E8117
Name of the Vulnerable Software and Affected Versions: vmir e8117 version e8117 Description: A heap buffer overflow issue was discovered in vmir e8117 via the wasm parse section functions function at /src/vmir wasm parser.c. This issue occurs due to a heap buffer overflow, which can be exploited...
GHSA-QQ5C-677P-737Q Symfony vulnerable to command execution hijack on Windows with Process class
Description On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking. Resolution The Process class now uses the absolute path to cmd.exe. The patch for this...