PT-2024-7963 · Eclipse +1 · Eclipse Glassfish +1
Name of the Vulnerable Software and Affected Versions: Eclipse Glassfish versions prior to 7.0.10
Description: A URL redirection issue to untrusted sites exists, caused by a vulnerability in the included Apache code. This issue only affects applications explicitly deployed to the root context '/'...
The vulnerability of the signal handler in the sshd(8) program of the FreeBSD operating system allows a hacker to execute arbitrary code in the root context.
The vulnerability of the signal handler in the sshd(8) program of the FreeBSD operating system is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context...
CVE-2024-41176 Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...
CVE-2024-7603 Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The...
CVE-2024-7601
CVE-2024-7601 affects Logsign Unified SecOps Platform. The vulnerability resides in the HTTP API service (default port 443) where lack of proper validation of a user-supplied path enables a traversal that can delete arbitrary files in the root context. Exploitation requires authentication, and th...
CVE-2024-7601 Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability
Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerabilit...
CVE-2024-7600 Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...
CVE-2024-7538
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
CVE-2024-7541
oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
CVE-2024-7539
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The...
PT-2024-20178 · Chargepoint · Chargepoint Home Flex
Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. No authentication is required to...
(Pwn2Own) Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability
This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewall rules. The issue results from...
(Pwn2Own) QNAP TS-464 Cloud Utility Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of password reset requests. The issue results from the la...
(Pwn2Own) Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validati...
(Pwn2Own) Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack...
(Pwn2Own) QNAP TS-464 TURN Server create_session Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_session action. The issue results from the lack of...