ZDI-24-197: PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27332. READ MORE

Read More

ZDI-24-196: PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27324. READ MORE

Read More

SMA100 MFA Improper Access Control Vulnerability

SonicWall Security Advisory Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user’s MFA mobile application. There is no evidence that these vulnerabilities are being exploited in the wild. SonicWall strongly advises SMA 100 series product…

Read More

GCP-2024-013

Google Cloud Platform Security Advisory Published: 2024-02-23 Reference: CVE-2023-3610 GKE Description Severity The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2023-3610 GKE Standard clusters are impacted. GKE Autopilot clusters in the default configuration are not impacted, but might be vulnerable if…

Read More