Daily CVE Reports (Page 8)

Latest

Linux

CVE-2024-20328: Command Injection Vulnerability in ClamAV's VirusEvent Feature

Executive Summary CVE-2024-20328 is a command injection vulnerability discovered in the VirusEvent feature of ClamAV, a widely used open-source antivirus engine. This vulnerability allows a local attacker to execute arbitrary commands on the system with the privileges of the user running the ClamAV daemon (clamd). The root cause lies in

CVE-2024-4885: Unauthenticated Remote Code Execution in Progress WhatsUp Gold

Executive Summary CVE-2024-4885 is a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Progress WhatsUp Gold versions prior to 2023.1.3. This vulnerability allows an attacker to execute arbitrary commands on the target system with IIS AppPool\NmConsole privileges. Exploitation is achieved through the WhatsUp.ExportUtilities.Export.GetFileWithoutZip method,

See all