ZDI-24-1159: G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-30377.

Read More

ZDI-24-1160: Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-40789.

Read More

ZDI-24-1156: Rockwell Automation ThinManager ThinServer Arbitrary File Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to read arbitrary files on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2024-7986.

Read More

ZDI-24-1157: Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7987.

Read More

USN-6977-1: QEMU vulnerabilities

Read Time:22 Second

It was discovered that QEMU did not properly handle certain memory
operations, which could result in a buffer overflow. An attacker could
potentially use this issue to cause a denial of service. (CVE-2024-26327)

It was discovered that QEMU did not properly handle certain memory
operations, which could result in an out-of-bounds memory access. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-26328)

Read More