This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-30377.
Daily Archives: August 22, 2024
ZDI-24-1160: Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-40789.
ZDI-24-1155: PaperCut NG image-handler Directory Traversal Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-4712.
ZDI-24-1156: Rockwell Automation ThinManager ThinServer Arbitrary File Read Information Disclosure Vulnerability
This vulnerability allows local attackers to read arbitrary files on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2024-7986.
ZDI-24-1157: Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7987.
ZDI-24-1158: Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-7988.
USN-6977-1: QEMU vulnerabilities
It was discovered that QEMU did not properly handle certain memory
operations, which could result in a buffer overflow. An attacker could
potentially use this issue to cause a denial of service. (CVE-2024-26327)
It was discovered that QEMU did not properly handle certain memory
operations, which could result in an out-of-bounds memory access. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-26328)