PVS 2402 | Console Setup: EdgeWebView2 not installing correctly
When launching the "Console Installer", it tries to install the prerequisite software, which includes Edge WebView2. In some cases, when installing it from the ISO, Edge WebView2 might not show up in "appwiz.cpl" or "Apps and Features". If you start the "Console Installer" again it is shown as "not...
CVE-2024-23703
CVE-2024-23703 is reported in the Wear OS Security Bulletin (May 2024) as a local elevation of privilege (EoP) in the Framework component, rated High. The issue could allow a malicious app to escalate privileges with no additional execution privileges. Details in the bulletin indicate the full ...
CVE-2024-23702
CVE-2024-23702 is listed in the Wear OS May 2024 bulletin as an Elevation of Privilege issue within the Framework component, enabling local privilege escalation by a malicious app with no extra execution privileges needed. The vulnerability is part of the 2024-05-01 patch level addressed in the W...
CVE-2024-23701
CVE-2024-23701 affects Wear OS (Framework component) and is listed in the May 2024 Wear OS Security Bulletin as a local escalation of privilege (EoP) vulnerability that can be exploited by a malicious app with no additional execution privileges required. The issue is classified as High severity. ...
CVE-2024-23700
CVE-2024-23700 is referenced in a Wear OS security bulletin as a Framework‑level vulnerability that could enable local privilege escalation by a malicious app with no extra privileges. PT-2026-3764 notes a PoC and claims the exploit can silently obtain permissions to read/write contacts, SMS, cal...
CVE-2023-27280
IBM Aspera Orchestrator 4.0.1 is affected by CVE-2023-27280, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt sensitive information. The IBM security bulletin for CVEs 2023-27280/27283/27281 states impact on 4.0.1 and recommends upgrading to 4.0.1 PL2 (Linux)...
CVE-2023-27281
CVE-2023-27281 is documented in IBM’s bulletin for IBM Aspera Orchestrator 4.0.1, where the vulnerability manifests as observable response discrepancies that could allow a remote attacker to enumerate usernames. The connected IBM doc confirms affected product/version and describes the...
CVE-2024-26321
CVE-2024-26321 pertains to vulnerabilities in ownCloud as documented by a pending CVE placeholder linked to real fixes. The connected advisory indicates an Authentication Bypass Using Pre-signed URLs in ownCloud, where improper validation may allow an attacker to bypass authentication and access ...
CVE-2024-26326
ownCloud
CVE-2024-26320
CVE-2024-26320 is linked to a vulnerability in ownCloud prior to 10.13.3, described in OpenVAS as an improper input validation issue. The connected advisories indicate related problems including a Denial of Service in the Comments API and potential authentication bypass; remediation is available ...
CVE-2023-44472
CVE-2023-44472: Unyson WordPress plugin (<= 2.7.28) contains a Missing Authorization/Broken Access Control vulnerability. Root cause is missing authorization checks; impact is limited by documented scope (Unyson
CVE-2023-44446
CVE-2023-44446 affects GStreamer’s MXF demuxer (gstreamer1-plugins-bad-free, among others). The vulnerability is a use-after-free during MXF file parsing caused by not validating an object’s existence before operating on it. This can allow an attacker to execute code in the context of the affecte...
CVE-2023-44444
CVE-2023-44444 affects GIMP (PSP parsing). Crafted data in PSP files can trigger an off-by-one when writing into a heap-based buffer, enabling remote code execution in the process context. Exploitation requires user interaction (visiting/opening a malicious file). The issue is confirmed by ZDI-Can-...
CVE-2023-44443
CVE-2023-44443 describes a Remote Code Execution in GIMP via PSP file parsing. The root cause is lack of validation of PSP data, causing an integer overflow during memory write. Impact is high: attacker-controlled code executed with the current process, with UI interaction required (user must ope...
CVE-2023-44441
CVE-2023-44441 describes a heap-based buffer overflow in GIMP’s DDS file parsing, enabling remote code execution. The issue arises from insufficient validation of the length of user-supplied data before copying to a heap buffer and requires user interaction (visiting a malicious page or opening a...
CVE-2023-44442
CVE-2023-44442: GIMP PSD parsing heap-based buffer overflow leading to remote code execution. The flaw arises from insufficient validation of the length of user-supplied data during PSD file parsing, copying to a heap buffer. Exploitation requires user interaction (visiting a malicious page or o...
CVE-2023-42117
CVE-2023-42117 affects Exim (smtp service). Root cause: Improper neutralization/validation of user-supplied data leading to a memory corruption and remote code execution, with no authentication required. Impact: remote code execution in Exim processes, on affected installations. Affected componen...
CVE-2023-42116
Exim SMTP vulnerability CVE-2023-42116 is a stack-based buffer overflow in handling NTLM challenge data, allowing unauthenticated remote code execution. Affected software: Exim (MTA). Root cause: insufficient validation of user-supplied data length prior to copying into a fixed-length stack buffe...
CVE-2023-42115
Exim’s SMTP service (port 25) is affected by CVE-2023-42115: an AUTH-less out-of-bounds write that enables remote code execution via improper validation of user-supplied data, allowing code execution under the service account. The vulnerability details and impact are stated in multiple sources (E...
CVE-2023-40476
CVE-2023-40476 affects GStreamer and its gst-plugins-bad1.0, with a stack-based buffer overflow in the H.265 video parser due to insufficient validation of user data length. This can allow a remote attacker to execute code in the context of the affected process. Exploitation details are not fully...