Google Chrome < 114.0.5735.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 114.0.5735.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop30 advisory. - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remot...

PT-2023-3739 · Advantech · Advantech Webaccess

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 8.4.5 Description: The issue is related to insufficient authentication data validation in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file,...

Google Chrome < 114.0.5735.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 114.0.5735.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop30 advisory. - Out of bounds write in Swiftshader. CVE-2023-2929 - Use after free in...

Google Chrome < 114.0.5735.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 114.0.5735.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop30 advisory. - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 16 security fixes: 1410191 High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-25 1443401 High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 1444238 High...

The vulnerability of D-Link DIR-825 router’s microprogramming software lies in the lack of measures to clean incoming data, allowing attackers to execute arbitrary commands.

The vulnerability of D-Link DIR-825 router’s microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created POST request, ntpsync.cgi, through the ntpserver...

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Deep...

The vulnerability of Rockwell Automation’s distributed controller software ArmorStart ST, related to deficiencies in input data validation by users, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

SQL Injection Vulnerability in Online Exam System Version v1.0

Online Exam System is an online exam system. Online Exam System v1.0 suffers from a SQL injection vulnerability that originates from the lack of validation of external input SQL statements in the parameters columns, data of /jurusanmatkul/data. An attacker can exploit this vulnerability to execut...

(Pwn2Own) Lexmark MC3224i pagemark Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemark service. The issue results from the lack of proper...

(Pwn2Own) Lexmark MC3224i putinterval Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putinterval method. The issue results from the lack of proper...

Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Adobe Dimension SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

Siemens Siveillance Video Code Execution Vulnerability

Siveillance Video formerly known as Siveillance VMS is an IP video management software designed for deployments ranging from small and simple to large and highly secure. A code execution vulnerability exists in Siemens Siveillance Video due to the event server component of the affected applicatio...

Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Office Visio DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...