
2001 matches found

RedhatCVE
added 2023/12/14 6:1 p.m. | 27 views

CVE-2023-37329

A heap-based buffer overflow vulnerability was found in the PGS Blu-ray subtitle decoder within GStreamer when processing specific files. This issue could allow a malicious third party to crash the application and execute code by manipulating the heap. Mitigation: Mitigation for this issue is eith...

CVSS 5.5 | AI score 7 | EPSS 0.063
Exploits 0 | References 4

WPVulnDB
added 2023/12/09 12:0 a.m. | 22 views

Soledad < 8.4.2 - Unauthenticated PHP Object Injection

Description: The Soledad theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.4.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable theme. If a...

CVSS 9.8 | AI score 7.3 | EPSS 0.00666
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2023/12/08 12:0 a.m. | 2 views

PT-2023-9072 · Qnap · Quts Hero +1

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.0.1.2514 build 20230906 QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.2.2534 build 20230927 Description: A buffer copy witho...

CVSS 8.3 | AI score 7.2 | EPSS 0.00068
Exploits 0 | References 6

Cvelist
added 2023/12/06 1:49 p.m. | 10 views

CVE-2023-6288

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable...

AI score 8.1 | EPSS 0.00125
Exploits 0 | References 1

BDU FSTEC
added 2023/11/29 12:0 a.m. | 1 views

The vulnerability of the Perl programming language, related to buffer overflows in dynamic memory, allows attackers to cause system failures or execute arbitrary code.

The vulnerability of the Perl programming language is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause system failures or execute arbitrary code...

CVSS 7.5 | EPSS 0.00108
Exploits 0 | References 13 | Affected Software 6

WPVulnDB
added 2023/11/23 12:0 a.m. | 38 views

Flatsome < 3.17.6 - Unauthenticated PHP Object Injection

Description: The Flatsome theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.17.5 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed o...

CVSS 9.8 | AI score 7.8 | EPSS 0.00151
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2023/11/20 12:0 a.m. | 20 views

Adobe Premiere Pro Out-of-Bounds Read Vulnerability (CNVD-2023-95448)

Adobe Premiere Pro is non-linear video editing software from the American company Adobe. Adobe Premiere Pro suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

CVSS 7.8 | AI score 7.2 | EPSS 0.00113
Exploits 0 | References 1

Prion
added 2023/11/14 6:15 a.m. | 7 views

SQL injection

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request...

CVSS 6.5 | AI score 8.2 | EPSS 0.01413
Exploits 0 | References 2 | Affected Software 1

NVD
added 2023/11/08 11:15 p.m. | 19 views

CVE-2023-43581

A buffer overflow was reported in the UpdateWMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...

CVSS 6.7 | EPSS 0.00037
Exploits 0 | References 1

OSV
added 2023/11/08 11:15 p.m. | 2 views

CVE-2023-43579

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...

CVSS 6.7 | AI score 6.3
Exploits 0 | References 1

Prion
added 2023/11/08 11:15 p.m. | 19 views

Buffer overflow

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...

CVSS 4 | AI score 8 | EPSS 0.00037
Exploits 0 | References 1 | Affected Software 80

Positive Technologies
added 2023/11/08 12:0 a.m. | 2 views

PT-2023-28863 · Lenovo · Lenovo Desktop

Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products affected versions not specified Description: A buffer overflow was reported in the UltraFunctionTable module that may allow a local attacker with elevated privileges to execute arbitrary code. Recommendations: At the...

CVSS 6.7 | AI score 6.9 | EPSS 0.00037
Exploits 0 | References 4

WPVulnDB
added 2023/11/03 12:0 a.m. | 23 views

Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion

Description: The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...

CVSS 8.8 | AI score 8.8 | EPSS 0.00352
Exploits 0 | References 1 | Affected Software 1

NVD
added 2023/10/23 2:15 p.m. | 9 views

CVE-2021-26735

The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges...

CVSS 7.8 | AI score 6.9 | EPSS 0.00039
Exploits 0 | References 1

NVD
added 2023/10/20 7:15 a.m. | 23 views

CVE-2023-4402

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

CVSS 9.8 | AI score 8.8 | EPSS 0.02874
Exploits 3 | References 2

OpenVAS
added 2023/10/20 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-6441-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00044
Exploits 5 | References 2

Tenable Nessus
added 2023/10/16 12:0 a.m. | 52 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : RPM Package Manager vulnerabilities (USN-5273-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5273-1 advisory. Demi M. Obenour discovered that RPM Package Manager incorrectly handled certain files. An attacker could possibly use this issue ...

CVSS 7 | AI score 6.6 | EPSS 0.00228
Exploits 0 | References 4

Prion
added 2023/10/13 8:15 p.m. | 20 views

Input validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 5.8 | AI score 7 | EPSS 0.00081
Exploits 0 | References 1 | Affected Software 3

CNNVD
added 2023/10/13 12:0 a.m. | 1 views

Adobe Commerce SQL Injection Vulnerability

Adobe Commerce is a leading digital commerce solution for merchants and brands from the American company Adobe. A SQL injection vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of validation of external...

CVSS 8 | AI score 8 | EPSS 0.01841
Exploits 0 | References 3

OSV
added 2023/10/10 11:15 a.m. | 1 views

CVE-2023-43625

A vulnerability has been identified in Simcenter Amesim All versions V2021.1. The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process...

CVSS 9.8 | AI score 6.1
Exploits 0 | References 1