CVE-2024-12799

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...

Exploit for Path Traversal in Grafana

CVE-2021-43798-Exploit-for-Windows-and-Linux Modified exploit...

CVE-2024-4881

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

APSB24-98 : Security update available for Adobe PDFL SDK

Adobe has released an update for the Adobe PDF Library Software Development Kit SDK for Windows, Linux and macOS. Adobe PDFL SDK contains a set of functions for developing third-party solutions and workflows built upon the Adobe PDF standard. This update resolves a critical vulnerability that cou...

Exploits and vulnerabilities in Q3 2024

Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log...

CVE-2024-9194

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...

WebNMS Framework Server Arbitrary Text File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Arbitrary Text File Download', 'Description' = %q This module abuses a vulnerability in WebNMS Framework Server 5.2 that...

CVE-2024-0085

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service...

UBUNTU-CVE-2024-0091

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering...

SUSE CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

PYSEC-2024-108

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

PT-2024-4364 · Nvidia +1 · Nvidia Vgpu +1

Name of the Vulnerable Software and Affected Versions: NVIDIA vGPU software for Windows and Linux affected versions not specified Description: The issue is related to incorrect privilege assignment in the NVIDIA Virtual GPU Manager driver, allowing an attacker to elevate privileges or cause a...

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft Corporation USA. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to...

CVE-2024-25705

There is a cross‑site scripting XSS vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary...

DEBIAN-CVE-2024-0078

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service...

PT-2024-3827 · Nvidia +2 · Nvidia Gpu Display Driver +2

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows and Linux affected versions not specified Description: The issue is related to a NULL-pointer dereference in the kernel mode layer of the NVIDIA GPU Display Driver. This can be caused by a user in a guest...

CVE-2024-1309

Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1...

CVE-2023-4552

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...

CVE-2023-4553

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2...

PT-2024-1268 · Hitachi · Hitachi Device Manager

Name of the Vulnerable Software and Affected Versions: Hitachi Device Manager versions prior to 8.8.5-04 Description: The issue is related to the generation of error messages containing sensitive information in the Hitachi Device Manager, specifically affecting the Device Manager Agent modules on...