2425 matches found

ATTACKERKB
added 2023/12/19 10:15 p.m. · 5 views

CVE-2023-38126

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

7.2 CVSS · 7.6 AI score · 0.68611 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/12/19 10:15 p.m. · 20 views

Remote code execution

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

5.8 CVSS · 8.2 AI score · 0.68611 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/19 9:50 p.m. · 17 views

CVE-2023-38126 Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

7.2 CVSS · 7.7 AI score · 0.68611 EPSS
Exploits 0 · References 1
Zero Day Initiative
added 2023/12/19 12:00 a.m. · 38 views

TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper...

6.8 CVSS · 7.5 AI score · 0.00537 EPSS
Exploits 0 · References 1
OSV
added 2023/12/15 11:06 a.m. · 3 views

OESA-2023-1925 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle request...

8.8 CVSS · 7.3 AI score · 0.8581 EPSS
Exploits 2 · References 2
RedHat Linux
added 2023/12/13 4:29 p.m. · 1 views

postgresql: Buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8 CVSS · 7.9 AI score · 0.04322 EPSS
Exploits 0 · References 6
OSV
added 2023/12/10 6:15 p.m. · 5 views

AZL-32104 CVE-2023-5869 affecting package postgresql for versions less than 14.10-1

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8 CVSS · 7.8 AI score · 0.04322 EPSS
Exploits 0 · References 1
CNNVD
added 2023/11/21 12:00 a.m. · 4 views

AXIS OS Path Traversal Vulnerability

AXIS OS is an edge device operating system from AXIS of Sweden. AXIS OS has a security vulnerability: the VAPIX API Manageoverlayimage.cgi is vulnerable to a path traversal attack that allows file/folder deletion. The flaw can only be exploited after authenticating with an operator...

7.1 CVSS · 6.8 AI score · 0.00668 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/11/21 12:00 a.m. · 3 views

PT-2023-7488 · Axis · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS, affected versions not specified. Description: The VAPIX API dynamicoverlay.cgi is vulnerable to a Denial-of-Service attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axis device...

7.5 CVSS · 7 AI score · 0.00668 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/11/21 12:00 a.m. · 4 views

PT-2023-7489 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS, affected versions not specified. Description: The VAPIX API irissetup.cgi is vulnerable to path traversal attacks, allowing for file deletion. This issue can only be exploited after authenticating with an operator- or...

7.5 CVSS · 6.9 AI score · 0.00668 EPSS
Exploits 0 · References 7
Zero Day Initiative
added 2023/11/15 12:00 a.m. · 36 views

Microsoft Exchange GsmWriter Deserialization of Untrusted Data NTLM Relay Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition or relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of...

8.8 CVSS · 7.2 AI score · 0.16813 EPSS
Exploits 0 · References 1
OSV
added 2023/11/14 8:15 p.m. · 2 views

CVE-2023-47646

Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin = 1.1.1 versions...

4.8 CVSS · 7.3 AI score · 0.00418 EPSS
Exploits 0 · References 1
OSV
added 2023/11/14 7:15 p.m. · 3 views

CVE-2023-27306

Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/11/14 12:00 a.m. · 2 views

PT-2023-29242 · Tp Link · Tp-Link Archer A54

Name of the Vulnerable Software and Affected Versions: TP-Link Archer A54, affected versions not specified. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. The specific flaw exists within the file libcmm.so...

6.8 CVSS · 7.3 AI score · 0.00583 EPSS
Exploits 0 · References 3
OSV
added 2023/11/13 8:34 p.m. · 4 views

CLSA-2023-1699907659 Fix CVE(s): CVE-2023-32360

SECURITY UPDATE: An unauthenticated user may be able to access recently printed documents. The config file /etc/cups/cupsd.conf should be edited manually in case the cups has been already installed in the system: the and sections should be changed according to the patch. -...

5.5 CVSS · 6.2 AI score · 0.00347 EPSS
Exploits 0 · References 1
OSV
added 2023/11/13 8:32 p.m. · 3 views

CLSA-2023-1699907536 Fix CVE(s): CVE-2023-32360

SECURITY UPDATE: An unauthenticated user may be able to access recently printed documents. The config file /etc/cups/cupsd.conf should be edited manually in case the cups has been already installed in the system: the and sections should be changed according to the patch -...

5.5 CVSS · 6.2 AI score · 0.00347 EPSS
Exploits 0 · References 1
OSV
added 2023/11/02 2:15 p.m. · 4 views

CVE-2023-26455

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...

7.8 CVSS · 5.7 AI score · 0.00186 EPSS
Exploits 0 · References 2
OSV
added 2023/11/02 12:15 p.m. · 2 views

CVE-2023-5860

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...

7.2 CVSS · 6.4 AI score · 0.01023 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/11/02 12:00 a.m. · 5 views

PT-2023-20648 · Unknown · Chronosrmiservice

Name of the Vulnerable Software and Affected Versions: ChronosRMIService, affected versions not specified. Description: The issue allows attackers with local or adjacent network access to abuse the RMI service and modify calendar items using RMI, due to a lack of authentication requirement when...

7.8 CVSS · 7.5 AI score · 0.00186 EPSS
Exploits 0 · References 7
OSV
added 2023/10/17 5:15 a.m. · 3 views

CVE-2023-45357

Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release...

6.5 CVSS · 5.8 AI score · 0.00457 EPSS
Exploits 0 · References 1