2263 matches found
CVE-2024-48956
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...
CVE-2024-48956
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...
PT-2024-33298 · Serviceware · Serviceware Processes
Name of the Vulnerable Software and Affected Versions: Serviceware Processes versions 6.0 through 7.3 Description: The issue allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint, resulting in remote code execution. Recommendations: For...
Serviceware Processes Security Vulnerability
Serviceware Processes is an enterprise service management software from Serviceware, Inc. A security vulnerability exists in Serviceware Processes versions 6.0 through 7.3 that stems from the presence of a remote code execution vulnerability that could allow an attacker to send a specially crafte...
CVE-2024-48956
CVE-2024-48956 affects Serviceware Processes versions 6.0 through 7.3 prior to 7.4. The issue enables unauthenticated attackers to send a specially crafted HTTP request to a service endpoint, leading to remote code execution. Public sources in the provided documents consistently describe this as ...
CVE-2024-48956
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...
About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability
About the Elevation of Privilege - Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on the November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the targ...
Starbucks Shifts to Manual Processes After Contractor Ransomware Attack
Ransomware attack cripples Starbucks operations, forcing the coffee giant to rely on manual processes for employee scheduling and…
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast...
mySCADA myPRO Manager Authorization Issues Vulnerability
mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An authorization issue vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to submit a special request for unauthorized access to resourc...
mySCADA myPRO Manager OS Command Injection Vulnerability (CNVD-2024-46408)
mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to inject arbitrary operating system commands...
Postgresql: role pg_signal_backend can signal certain superuser processes.
...
CVE-2017-9711
Certain unprivileged processes are able to perform IOCTL calls...
CVE-2017-9711 Permissions, Privileges, and Access Controls in Data
Certain unprivileged processes are able to perform IOCTL calls...
PT-2024-10609 · Qualcomm · Snapdragon +22
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows certain unprivileged processes to perform IOCTL calls. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
When Guardians Become Predators: How Malware Corrupts the Protectors
By Trellix · November 20, 2024. This blog was also written by Trishaan Kalra. Introduction: We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is...
CVE-2018-9421
In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-10396
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...
CVE-2024-10396 Fileserver crash and possible information leak on StoreACL/FetchACL
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...
PT-2024-16243 · Debian · Debian
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memor...