Microsoft PowerPoint 2016 RCE Vulnerability (KB5002586)

This host is missing an important security update according to Microsoft KB5002586 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

RHEL 8 : Red Hat Product OCP Tools 4.14 OpenShift Jenkins (RHSA-2024:5411)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5411 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Securi...

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

CVE-2024-38140 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

...

CVE-2024-38114

Technical details for CVE-2024-38114 are not provided in the connected documents. The initial description notes a Windows IP Routing Management Snapin Remote Code Execution vulnerability with CVSS 3.1/8.8, but no affected versions, root cause, or mitigations are included here.

CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

...

CVE-2024-38199

Technical details about CVE-2024-38199 are not publicly provided in the connected documents. Monitor for updates from Microsoft and NVD for affected products, fixes, and exploit information.

Exploit for CVE-2024-22120

Usage bash python exploit.py --ip --sid --hostid --phps...

Azure IoT SDK Remote Code Execution Vulnerability

...

Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass

...

Apache DolphinScheduler: RCE by arbitrary js execution

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...

GHSA-M9Q4-P56M-MC6Q Apache DolphinScheduler: RCE by arbitrary js execution

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...

CVE-2024-38530

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

CVE-2024-6917 RCE in Veribilim Software's Veribase Order Management

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2...

CVE-2024-6917 RCE in Veribilim Software's Veribase Order Management

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2...

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

CVE-2024-38530

CVE-2024-38530 affects the Open eClass platform (H5P module) via an arbitrary file upload in the module’s save.php, allowing unauthenticated uploads to the server filesystem. The underlying issue enables potential unrestricted remote code execution on the backend, since the upload location is int...