This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-4044.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 9.9. The following CVEs are assigned: CVE-2024-28075.
This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-23473.
Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Siemens Ruggedcom Crossbow Access Management solution designed to provide cybersecurity compliance for industrial control systems. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or clickjacking.
Amel Bouziane-Leblond discovered that LibreOffice’s support for binding
scripts to click events on graphics could result in unchecked script
execution.
A security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure. Google is aware that an exploit for CVE-2024-4761 exists
in the wild.
Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Acrobat is a family of application software and Web services used to view, create, manipulate, print and manage Portable Document Format (PDF) files.
Adobe Substance3D Painter is a 3D painting software that allows users to texture and add materials directly to 3D meshes in real-time.
Adobe Substance3D Designer is a 3D design software that generates textures from procedural patterns inside node-based graphs.
Adobe Aero is a cross platform solution that enables creatives with no coding and mininmal 3D experience to design, share, and view interactive augmented reality experiences.
Adobe FrameMaker lets you create structured or template-based documents, review and collaborate with multiple content management systems and publish to a multitude of devices.
Adobe Dreamweaver is a proprietary web development tool.
Adobe Illustrator is a vector graphics editor and design software.
Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
