<?xml version="1.0" encoding="utf-8"?> <rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"> <channel> <atom:link href="https://www.zerodayinitiative.com/rss/published/" rel="self" type="application/xml" /> <title><![CDATA[ZDI: Published Advisories]]></title> <link>http://www.zerodayinitiative.com/advisories/published/</link> <description><![CDATA[The following is a list of publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure. All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. ]]></description> <pubDate>Thu, 28 Nov 2024 20:53:44 -0600</pubDate> <copyright>Trend Micro, all rights reserved</copyright> <language>en</language> <item> <title><![CDATA[ZDI-24-1630: (0Day) Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24548</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1630/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11933.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1629: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24771</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1629/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11803.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1628: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24770</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1628/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11802.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1627: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24769</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1627/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11801.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1626: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24768</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1626/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11800.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1625: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24664</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1625/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11799.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1624: (0Day) Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24663</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1624/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11798.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1623: (0Day) Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24662</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1623/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11797.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1622: (0Day) Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24506</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1622/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11796.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1621: (0Day) Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24505</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1621/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11795.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1620: (0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24504</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1620/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11794.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1619: (0Day) Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24503</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1619/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11793.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1618: (0Day) Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24502</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1618/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11792.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1617: (0Day) Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24450</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1617/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11791.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1616: (0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24449</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1616/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11790.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1615: (0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24448</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1615/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11789.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1614: (0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24413</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1614/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11787.]]></description> <pubDate>Wed, 27 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1613: Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23927</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1613/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-36488.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1612: Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23826</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1612/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11581.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1611: Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23700</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1611/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11580.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1610: Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23697</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1610/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11579.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1609: Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23693</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1609/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11578.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1608: Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23685</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1608/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11577.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1607: Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23681</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1607/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11576.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1606: 7-Zip Qcow Handler Infinite Loop Denial-of-Service Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24307</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1606/</link> <description><![CDATA[This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. 
Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-11612.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1605: Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24608</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1605/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-49529.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1604: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22177</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1604/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11507.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1603: IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22184</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1603/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11508.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1602: IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22185</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1602/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11509.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1601: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23971</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1601/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11513.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1600: IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24011</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1600/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11516.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1599: IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23975</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1599/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11514.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1598: IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24010</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1598/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11515.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1597: IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24118</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1597/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11517.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1596: IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24444</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1596/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11518.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1595: IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24445</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1595/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11519.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1594: IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22169</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1594/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11506.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1593: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24598</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1593/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11524.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1592: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24597</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1592/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11523.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1591: IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24599</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1591/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11525.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1590: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24595</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1590/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11522.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1589: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24602</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1589/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11528.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1588: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24629</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1588/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11538.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1587: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24615</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1587/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11532.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1586: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24616</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1586/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11533.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1585: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24617</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1585/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11534.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1584: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24618</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1584/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11535.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1583: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24619</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1583/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11536.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1582: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24620</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1582/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11537.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1581: IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24754</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1581/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11554.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1580: IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24488</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1580/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11520.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1579: IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24578</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1579/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11521.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1578: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24853</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1578/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11560.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1577: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24857</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1577/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11561.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1576: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24860</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1576/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11563.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1575: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24871</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1575/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11567.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1574: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24873</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1574/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11569.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1573: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24900</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1573/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11574.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1572: IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24858</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1572/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11562.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1571: IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24885</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1571/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11570.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1570: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24897</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1570/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11572.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1569: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24901</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1569/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11575.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1568: IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24864</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1568/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11564.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1567: IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24866</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1567/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11565.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1566: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24895</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1566/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11571.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1565: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24898</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1565/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11573.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1564: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24868</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1564/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11566.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1563: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24872</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1563/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11568.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1562: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24795</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1562/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11556.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1561: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24807</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1561/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11557.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1560: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24808</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1560/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11558.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1559: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24780</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1559/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11555.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1558: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24809</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1558/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11559.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1557: IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22718</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1557/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11510.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1556: IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22735</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1556/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11511.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1555: IrfanView WBZ Plugin WB1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22741</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1555/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11512.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1554: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24752</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1554/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11553.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1553: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24699</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1553/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11539.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1552: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24702</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1552/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11541.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1551: IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24700</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1551/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11540.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1550: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24703</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1550/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11542.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1549: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24749</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1549/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11551.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1548: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24704</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1548/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11543.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1547: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24746</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1547/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11549.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1546: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24751</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1546/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11552.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1545: IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24745</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1545/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11548.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1544: IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24732</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1544/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11547.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1543: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24714</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1543/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11546.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1542: IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24709</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1542/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11545.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1541: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24707</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1541/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11544.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1540: IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24748</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1540/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11550.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1539: IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24600</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1539/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11526.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1538: IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24601</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1538/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11527.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1537: IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24604</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1537/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11529.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1536: IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24605</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1536/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11530.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1535: IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24606</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1535/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11531.]]></description> <pubDate>Thu, 21 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1534: Microsoft SharePoint Server FindSpecific Unsafe Reflection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24221</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1534/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. 
The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-38024.]]></description> <pubDate>Wed, 20 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1533: Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23477</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1533/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8424.]]></description> <pubDate>Wed, 20 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1532: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24346</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1532/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-11477.]]></description> <pubDate>Wed, 20 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1531: RSA Security SecureID Software Token for Microsoft Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-21830</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1531/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of RSA Security SecureID Software Token for Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The ZDI has assigned a CVSS rating of 7.8.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1530: WordPress Core maybe_unserialize Deserialization of Untrusted Data Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22613</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1530/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of WordPress Core. Authentication may be required to exploit this vulnerability, depending on the product configuration. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-31210.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1529: Dassault Systèmes eDrawings Viewer X_B File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25011</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1529/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-10204.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1528: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25038</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1528/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-10204.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1527: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24521</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1527/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-52573.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1526: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24485</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1526/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52571.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1525: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24237</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1525/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-52567.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1524: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24233</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1524/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52566.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1523: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24231</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1523/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-52565.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1522: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24365</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1522/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52570.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1521: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24260</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1521/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-52569.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1520: Siemens Tecnomatix Plant Simulation WRL File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24244</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1520/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52568.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1519: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24543</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1519/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-52574.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1518: Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24486</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1518/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52572.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1517: McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24269</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1517/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-49592.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1516: Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25215</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1516/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. 
Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-51503.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1515: (0Day) Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25012</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1515/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11394.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1514: (0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25191</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1514/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. 
The following CVEs are assigned: CVE-2024-11393.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1513: (0Day) Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24322</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1513/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-11392.]]></description> <pubDate>Tue, 19 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1512: Progress Software WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23661</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1512/</link> <description><![CDATA[This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-7763.]]></description> <pubDate>Mon, 18 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1511: Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25090</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1511/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-49032.]]></description> <pubDate>Thu, 14 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1510: Ivanti Endpoint Manager GetComputerID SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25414</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1510/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-50330.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1509: Ivanti Endpoint Manager vulscan Directory Traversal Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25250</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1509/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. 
The following CVEs are assigned: CVE-2024-50329.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1508: Ivanti Endpoint Manager GetDetectedVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25063</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1508/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-50328.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1507: Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25057</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1507/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-50327.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1506: Ivanti Endpoint Manager serverStorage SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25054</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1506/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. 
The following CVEs are assigned: CVE-2024-50326.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1505: Ivanti Endpoint Manager GetFilePath Directory Traversal Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24834</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1505/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-50324.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1504: Ivanti Endpoint Manager TestAllowedSQL SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24782</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1504/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-50323.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1503: Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24273</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1503/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-50322.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1502: Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24293</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1502/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-37376.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1501: Ivanti Endpoint Manager EFile Directory Traversal Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24272</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1501/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-34787.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1500: Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24297</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1500/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-34784.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1499: Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24295</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1499/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-34782.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1498: Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24294</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1498/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. 
The following CVEs are assigned: CVE-2024-34781.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1497: Ivanti Endpoint Manager MP_QueryDetail SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24292</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1497/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-34781.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1496: Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24289</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1496/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-32847.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1495: Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24286</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1495/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. 
The following CVEs are assigned: CVE-2024-32844.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1494: Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24283</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1494/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-32841.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1493: Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24281</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1493/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-32839.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1492: Ivanti Avalanche WLAvalancheService TV_FP Infinite Loop Denial-of-Service Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25455</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1492/</link> <description><![CDATA[This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. 
The following CVEs are assigned: CVE-2024-50321.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1491: Ivanti Avalanche WLAvalancheService TV_FC Infinite Loop Denial-of-Service Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25454</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1491/</link> <description><![CDATA[This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-50320.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1490: Ivanti Avalanche WLAvalancheService TV_FN Infinite Loop Denial-of-Service Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25453</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1490/</link> <description><![CDATA[This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-50319.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1489: Ivanti Avalanche WLAvalancheService TV_FP Null Pointer Dereference Denial-of-Service Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25357</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1489/</link> <description><![CDATA[This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. 
The following CVEs are assigned: CVE-2024-50318.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1488: Ivanti Avalanche WLAvalancheService TV_FN Null Pointer Dereference Denial-of-Service Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25356</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1488/</link> <description><![CDATA[This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-50317.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1487: Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23545</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1487/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Secure Access Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7571.]]></description> <pubDate>Wed, 13 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1486: (0Day) G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-22629</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1486/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. 
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-6871.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1485: (0Day) Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24145</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1485/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9731.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1484: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24112</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1484/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-9728.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1483: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24097</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1483/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9714.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1482: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24105</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1482/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9721.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1481: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24106</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1481/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9722.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1480: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24107</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1480/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9723.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1479: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24108</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1479/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-9724.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1478: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24109</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1478/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9725.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1477: (0Day) Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24104</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1477/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9720.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1476: (0Day) Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24111</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1476/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9727.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1475: (0Day) Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24110</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1475/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9726.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1474: (0Day) Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23885</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1474/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-9713.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1473: (0Day) Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23530</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1473/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9712.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1472: Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24589</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1472/</link> <description><![CDATA[This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Veeam Backup Enterprise Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-40715.]]></description> <pubDate>Tue, 12 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1471: Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23479</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1471/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. 
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8424.]]></description> <pubDate>Mon, 11 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1470: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25010</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1470/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39354.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1469: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25009</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1469/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-39605.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1468: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25008</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1468/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47131.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1467: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25007</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1467/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39605.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1466: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25006</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1466/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47131.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1465: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25005</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1465/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39605.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1464: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25004</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1464/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-39354.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1463: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25003</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1463/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47131.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1462: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25002</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1462/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39605.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1461: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25001</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1461/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39605.]]></description> <pubDate>Fri, 08 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1460: Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24538</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1460/</link> <description><![CDATA[This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7. The following CVEs are assigned: CVE-2024-39842.]]></description> <pubDate>Wed, 06 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1459: Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24537</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1459/</link> <description><![CDATA[This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7. The following CVEs are assigned: CVE-2024-39843.]]></description> <pubDate>Wed, 06 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1458: Centreon updateContactServiceCommands_MC SQL Injection Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24535</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1458/</link> <description><![CDATA[This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7. 
The following CVEs are assigned: CVE-2024-39842.]]></description> <pubDate>Wed, 06 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1457: Delta Electronics InfraSuite Device Master _gExtraInfo Deserialization of Untrusted Data Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24594</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1457/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-10456.]]></description> <pubDate>Wed, 06 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1456: Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25282</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1456/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The ZDI has assigned a CVSS rating of 8.5.]]></description> <pubDate>Tue, 05 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1455: Linux Kernel Net Scheduler ATM Queuing Discipline Use-After-Free Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23237</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1455/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 
The ZDI has assigned a CVSS rating of 8.8.]]></description> <pubDate>Tue, 05 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1454: Linux Kernel nftables Improper Validation of Array Index Local Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24184</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1454/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.]]></description> <pubDate>Tue, 05 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1453: X.Org Server XkbSetCompatMap Heap-based Buffer Overflow Privilege Escalation Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24756</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1453/</link> <description><![CDATA[This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9632.]]></description> <pubDate>Tue, 05 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1452: Autodesk AutoCAD CATPART File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24943</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1452/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8592.]]></description> <pubDate>Mon, 04 Nov 2024 00:00:00 -0600</pubDate> </item> <item> <title><![CDATA[ZDI-24-1451: Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24763</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1451/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-44284.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1450: Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25146</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1450/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44283.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1449: Apple macOS CoreFoundation Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25163</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1449/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44282.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1448: Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25148</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1448/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44281.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1447: Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25147</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1447/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. 
The following CVEs are assigned: CVE-2024-44279.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1446: Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25084</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1446/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44237.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1445: Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25085</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1445/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-44236.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1444: Apple SceneKit Improper Validation of Array Index Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25204</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1444/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. 
Interaction with the SceneKit framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-44218.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1443: Apple macOS ImageIO JP2 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-23979</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1443/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44215.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1442: Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25214</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1442/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. 
The following CVEs are assigned: CVE-2024-44240, CVE-2024-44302.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1441: Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24946</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1441/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8587.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1440: Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25032</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1440/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8600.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1439: Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24969</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1439/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8588.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1438: Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25133</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1438/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8596.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1437: Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25138</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1437/</link> <description><![CDATA[This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. 
The following CVEs are assigned: CVE-2024-8589.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1436: Autodesk AutoCAD 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25033</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1436/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8590.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1435: Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25072</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1435/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8591.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1434: Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25107</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1434/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8593.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1433: Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24955</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1433/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8594.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1432: Autodesk AutoCAD MODEL File Parsing Use-After-Free Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-25126</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1432/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. 
The following CVEs are assigned: CVE-2024-8595.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> <item> <title><![CDATA[ZDI-24-1431: Autodesk AutoCAD STEP File Parsing Memory Corruption Remote Code Execution Vulnerability]]></title> <guid isPermaLink="false">ZDI-CAN-24961</guid> <link>http://www.zerodayinitiative.com/advisories/ZDI-24-1431/</link> <description><![CDATA[This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8597.]]></description> <pubDate>Thu, 31 Oct 2024 00:00:00 -0500</pubDate> </item> </channel> </rss>