This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft AirSim. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
Category Archives: Advisories
ZDI-24-1063: Microsoft Reactor Workshops reactorworkshops Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Reactor Workshops. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1062: Microsoft Fluid Framework prague Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Fluid Framework. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1061: Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft What The Hack. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1060: Microsoft Azure Aztack aztack1528763526 Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Aztack for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1059: Microsoft Azure Linux Automation konkaciwestus1 Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Azure Linux Automation for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1058: Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NodeJS LogPoint for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1087: (0Day) oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-7547.
ZDI-24-1086: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7546.
ZDI-24-1085: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7545.