832 matches found
PT-2024-4280
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description An elevation-of-privilege vulnerability exists in the Microsoft Windows Kernel Streaming service. The vulnerability is due to improper handling of untrusted pointer dereferencing...
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Cisco Talos Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
CVE-2024-5246
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific...
Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core
After a relatively hefty Microsoft Patch Tuesday in April, this months security update from the company only included one critical vulnerability across its massive suite of products and services. In all, Mays slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which ar...
RLSA-2024:2566 Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
CVE-2023-51579
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2023-51577
Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged cod...
CVE-2023-41182
NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit...
CVE-2023-40505
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-32177
VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A remote code execution vulnerability exists in Voltronic Power ViewPower, which can be exploited by an attacker to execute code in the SYSTEM context...
Moderate: pcp security update
Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
ALSA-2024:2213 Moderate: pcp security update
Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions...
The vulnerability of the Polarion ALM application lifecycle management software lies in its default access settings, which allow attackers to elevate their privileges to the level of NT AUTHORITY\SYSTEM.
The vulnerability of the Polarion ALM application lifecycle management software is related to the default access settings. Exploiting this vulnerability can allow attackers to elevate their privileges to the NT AUTHORITY\SYSTEM level...
Siemens SCALANCE W700 Improper Neutralization of Special Elements Used in an OS Command (CVE-2023-49691)
An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update. This plugin only works...
ASUS Control Center Express 01.06.15 Unquoted Service Path
Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path Privilege Escalation Date: 2024-04-02 Exploit Author: Alaa Kachouh Vendor Homepage: https://www.asus.com/campaign/ASUS-Control-Center-Express/global/ Version: Up to 01.06.15 Tested on: Windows CVE: CVE-2024-27673...
ASUS Control Center Express 01.06.15 - Unquoted Service Path
Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path Privilege Escalation Date: 2024-04-02 Exploit Author: Alaa Kachouh Vendor Homepage: https://www.asus.com/campaign/ASUS-Control-Center-Express/global/ Version: Up to 01.06.15 Tested on: Windows CVE: CVE-2024-27673...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A remote code execution vulnerability exists in Voltronic Power ViewPower Pro, which is caused by a lack of proper validation of user-supplied data and can lead to deserialization of untrustwort...
Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apples password reset feature. In this scenario, a targets Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used...