CVE-2024-45714 SolarWinds Serv-U Stored XSS Vulnerability

Application is vulnerable to Cross Site Scripting XSS an authenticated attacker with users’ permissions can modify a variable with a payload...

CVE-2024-45714

CVE-2024-45714 refers to a Cross-Site Scripting (XSS) vulnerability in SolarWinds Serv-U. Connected sources indicate an authenticated user can modify a variable with a payload, potentially allowing browser-execution or data exposure within the victim’s context. Affected context is SolarWinds Serv...

The vulnerability of the mmio_read() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the mmioread function in the Linux operating system’s kernel is related to a memory leak that occurs due to incorrect initialization of the variable val. Exploiting this vulnerability can allow an attacker to cause a service failure...

Delta Electronics CNCSoft-G2 DPAX File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Delta Electronics CNCSoft-G2 Uninitialized Variable Vulnerability

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from an uninitialized variable vulnerability that can be exploited by an attacker to execute code in the context of the current process...

BIT-DISCOURSE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...

Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVE-2024-47966 Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

USN-7061-1: Go vulnerabilities

Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. CVE-2023-24531 Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not...

CVE-2024-9780 Missing Initialization of a Variable in Wireshark

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file...

Delta Electronics CNCSoft-G2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION...

Delta Electronics CNCSoft-G2 安全漏洞

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from an uninitialized variable vulnerability that can be exploited by an attacker to execute code in the context of the current process...

GO-2024-3182 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu

OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu...

GO-2024-3167 Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability in github.com/golang-fips/openssl

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

CVE-2024-47773

Discourse CVE-2024-47773 describes an anonymous cache-poisoning vulnerability triggered by multiple XHR requests that can contaminate the cache for anonymous visitors. Affected software is Discourse (noted in multiple sources) with patches in the latest released version; remediation guidance also...

CVE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...

DEBIAN-CVE-2024-8927

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVE-2024-44674

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub24E28, the HTTPREFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src...

CVE-2024-9570

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit...