#vulnerability

Ubuntu Security Notice 6896-5 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.

PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.

NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.

Minfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy AFS/AFR are affected: AFS650: Version 9.1.08 and prior AFS660-C: Version 7.1.05 and prior AFS665-B: Version 7.1.05 and prior AFS670-V2: Version 7.1.05 and prior AFS670: Version 9.1.08 and prior AFS675: Version 9.1.08 and prior AFS677: Version 9.1.08 and prior AFR677: Version 9.1.08 and prior 3.2 Vulnerability Overview 3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments LabVIEW products are affected: LabVIEW: Versions 24.1f0 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 LabVIEW is vulnerable to an out-of-bounds read, which could allow a local attacker to execute arbitrary code on affected installations of LabVIEW. User interaction is required to exploit the vulnerabilities in that the user must open a malicious VI file. CVE-2024-4079 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:...