Lucene search

9569 matches found

OSV
added 2024/12/19 4:15 p.m. · 16 views

CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

7.5 AI score
Exploits: 0 · References: 2

OSV
added 2024/12/19 4:15 p.m. · 1 view

DEBIAN-CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

5.9 CVSS · 7.3 AI score · 0.00169 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/19 3:14 p.m. · 19 views

CVE-2024-12798 JaninoEventEvaluator vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

5.9 CVSS · 7.1 AI score · 0.00169 EPSS
Exploits: 0 · References: 2

CVE
added 2024/12/19 3:14 p.m. · 4236 views

CVE-2024-12798

CVE-2024-12798 corresponds to an ACE vulnerability in JaninoEventEvaluator via QOS.CH logback-core, affecting Java applications that rely on logback-core configurations. The connected IBM Security Bulletin pages enumerate the CVE under IBM API Connect context and explicitly list CVE-2024-12798 am...

5.9 CVSS · 7.1 AI score · 0.00169 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/12/19 3:14 p.m. · 18 views

CVE-2024-12798 JaninoEventEvaluator vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

5.9 CVSS · 0.00169 EPSS
Exploits: 0 · References: 2

GitLab Advisory Database
added 2024/12/19 12:0 a.m. · 62 views

QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9 CVSS · 7.7 AI score · 0.00169 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Tenable Nessus
added 2024/12/19 12:0 a.m. · 16 views

RockyLinux 8 : php:8.2 (RLSA-2024:10951)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10951 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: password_verify can erroneously return true, opening ATO risk...

7.5 CVSS · 7.2 AI score · 0.15416 EPSS
Exploits: 7 · References: 13

BDU FSTEC
added 2024/12/19 12:0 a.m. · 2 views

The vulnerability of the gst_matroska_demux_add_wvpk_header function in the Gstreamer multimedia framework allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the gst_matroska_demux_add_wvpk_header function is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...

8.4 CVSS · 8.2 AI score · 0.01306 EPSS
Exploits: 0 · References: 13 · Affected Software: 8

Zero Day Initiative
added 2024/12/19 12:0 a.m. · 9 views

Rockwell Automation Arena Simulation DOE File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.8 CVSS · 7.3 AI score · 0.00032 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/18 12:0 a.m. · 2 views

PT-2024-36529 · Unknown · Winmail Server

Name of the Vulnerable Software and Affected Versions: Winmail Server version 4.4
Description: The issue concerns a Cross Site Scripting (XSS) vulnerability. It involves the f user variable and a specific payload %22%3E%3Csvg%20onload. This type of attack can allow an attacker to inject malicious...

6.1 CVSS · 6.2 AI score · 0.00335 EPSS
Exploits: 1 · References: 6

Positive Technologies
added 2024/12/18 12:0 a.m. · 2 views

PT-2025-11202 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified
Description: The issue arises when a maliciously crafted CATPRODUCT file is parsed through Autodesk AutoCAD, leading to an Uninitialized Variable vulnerability. This can be exploited by a...

7.8 CVSS · 7.6 AI score · 0.00249 EPSS
Exploits: 0 · References: 10

OSV
added 2024/12/16 1:59 p.m. · 10 views

BIT-NODE-MIN-2023-30585

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

7.5 CVSS · 7.4 AI score · 0.02122 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2024/12/16 12:0 a.m. · 1 view

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems lies in the default insecure initialization of certain variables. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.1 CVSS · 8.2 AI score · 0.00185 EPSS
Exploits: 0 · References: 2

NVD
added 2024/12/13 11:15 a.m. · 11 views

CVE-2024-52061

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional Core Libraries, Queuing Service, Recording Service, Routing Service allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before...

9.8 CVSS · 0.01154 EPSS
Exploits: 0 · References: 1

NVD
added 2024/12/13 11:15 a.m. · 11 views

CVE-2024-52060

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service allows Buffer Overflow via Environment Variables. This issue affects Connext...

8.3 CVSS · 0.00686 EPSS
Exploits: 0 · References: 1

SUSE CVE
added 2024/12/13 12:30 a.m. · 1 view

SUSE CVE-2024-47540

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...

7.8 CVSS · 7.8 AI score · 0.01306 EPSS
Exploits: 0 · References: 15

Tenable Nessus
added 2024/12/13 12:0 a.m. · 16 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-53063)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53063 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out o...

5.5 CVSS · 6.1 AI score · 0.00016 EPSS
Exploits: 0 · References: 2

NVD
added 2024/12/12 1:15 p.m. · 13 views

CVE-2024-54122

Concurrent variable access vulnerability in the ability module. Impact: Successful exploitation of this vulnerability may affect availability...

6.2 CVSS · 0.00049 EPSS
Exploits: 0 · References: 1

OSV
added 2024/12/12 1:15 p.m. · 2 views

CVE-2024-54122

Concurrent variable access vulnerability in the ability module. Impact: Successful exploitation of this vulnerability may affect availability...

4.7 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/12/12 12:20 p.m. · 15 views

CVE-2024-54122

Concurrent variable access vulnerability in the ability module. Impact: Successful exploitation of this vulnerability may affect availability...

6.2 CVSS · 0.00049 EPSS
Exploits: 0 · References: 1