117 matches found
Fedora 39 : prometheus-podman-exporter (2024-ee9f0f22b6)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ee9f0f22b6 advisory. release 1.13.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
ASB-A-340332428
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
BELL-CVE-2024-4076
Bulletin has no description...
CVE-2024-2359 Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...
PT-2024-15908 · WordPress · Fancy Product Designer
Name of the Vulnerable Software and Affected Versions: The Fancy Product Designer WordPress plugin versions prior to 6.1.81 Description: The issue is related to the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admins, to perform...
PUB-A-318507136
there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-20919
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...
Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2025-06476)
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A security vulnerability exists in Rockwell Automation Arena Simulation, which can be exploited by an attacker to submit unauthorized code...
CVE-2023-33200 Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory...
GHSA-354H-FPMQ-68V7 Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitati...
GHSA-28VP-39RF-3Q2J Magento Open Source has Business Logic Errors Vulnerability
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation ...
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this iss...
PUB-A-262235998
In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-267357916
In tbd of tbd, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PUB-A-246749936
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...
PUB-A-261193664
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-0230 VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS
The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PUB-A-244713317
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
PUB-A-243480506
In ppmpuset of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars
Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to...