
2001 matches found

CNVD
added 2023/07/12 12:0 a.m. | 17 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-56537)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an out-of-bounds write...

CVSS 7.8 | AI score 7.2 | EPSS 0.00086
Exploits 0 | References 1

CNVD
added 2023/07/12 12:0 a.m. | 25 views

Siemens Tecnomatix Plant Simulation Type Confusion Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. A type confusion vulnerability exists in Siemens Tecnomatix Plant Simulation, whi...

CVSS 7.8 | AI score 7.1 | EPSS 0.00101
Exploits 0 | References 1

CNVD
added 2023/07/12 12:0 a.m. | 15 views

Siemens Tecnomatix Plant Simulation Heap Buffer Overflow Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from a heap buffer overflow...

CVSS 7.8 | AI score 7.6 | EPSS 0.00112
Exploits 0 | References 1

Kaspersky
added 2023/07/11 12:0 a.m. | 21 views

KLA50777 ACE vulnerability in Mozilla Firefox

A use-after-free vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to execute arbitrary code or cause denial of service. Original advisories: MFSA2023-26. Related products: Mozilla-Firefox. CVE list: CVE-2023-3600 (critical). Solution: Update to the latest version...

CVSS 8.8 | AI score 9.6 | EPSS 0.0019
Exploits 0 | References 3

CVE
added 2023/07/06 12:0 a.m. | 90 views

CVE-2023-34193

CVE-2023-34193 affects Zimbra ZCS 8.8.15 where an authenticated privileged user can upload via the ClientUploader function, enabling arbitrary code execution and access to sensitive data. Root cause is a file-upload pathway vulnerability in Zimbra ZCS; impact includes high confidentiality, integr...

CVSS 8.8 | AI score 8.6 | EPSS 0.0048
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/06/29 12:0 a.m. | 4 views

Ubuntu Resource Management Error Vulnerability

Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. Ubuntu suffers from a security vulnerability that stems from the Account Service incorrectly handling certain messages, which can be exploited by a local attacker to cause a...

CVSS 8.1 | AI score 7.8 | EPSS 0.00043
Exploits 1 | References 6

BDU FSTEC
added 2023/06/26 12:0 a.m. | 1 views

The vulnerability of My Cloud OS, a network storage operating system, related to bypassing authentication through spoofing, allows attackers to access user data and execute arbitrary code.

The vulnerability of My Cloud OS network storage operating systems involves bypassing authentication through spoofing. Exploiting this vulnerability allows a remote attacker to gain access to user data and execute arbitrary code...

CVSS 10 | EPSS 0.0032
Exploits 0 | References 5 | Affected Software 13

CISA KEV Catalog
added 2023/06/23 12:0 a.m. | 101 views

Apple Multiple Products Integer Overflow Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges...

CVSS 7.8 | AI score 7.4 | EPSS 0.52383
In wild | Exploits 3

OSV
added 2023/06/15 5:15 a.m. | 1 views

CVE-2023-2270

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration fil...

CVSS 7.8 | AI score 6
Exploits 0 | References 1

NCSC
added 2023/06/15 12:0 a.m. | 3 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to circumvent a security measure, gain access to arbitrary files on the vulnerable system and execute arbitrary code. Adobe has released updates to fix the vulnerabilities in Adobe Commerc...

CVSS 9.1 | AI score 7.1 | EPSS 0.08749
Exploits 0

CNVD
added 2023/06/07 12:0 a.m. | 15 views

miniCal CSV Injection Vulnerability

miniCal is an open source PMS. A CSV injection vulnerability exists in miniCal 1.0.0 and earlier versions. The vulnerability stems from improperly neutralized formula elements in CSV files; an attacker can exploit the vulnerability to remotely execute code...

CVSS 8.8 | AI score 7.7 | EPSS 0.00744
Exploits 1 | References 1

BDU FSTEC
added 2023/06/07 12:0 a.m. | 1 views

The vulnerability of the firmware of the D-Link DIR-615 network device allows an attacker to execute arbitrary code.

The vulnerability of the D-Link DIR-615 network device's firmware is related to the lack of measures taken to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 | EPSS 0.02373
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2023/05/30 3:24 p.m. | 7 views

CVE-2023-28080

PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains DLL Hijacking Vulnerabilities. A regular (non-admin) user can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM...

CVSS 6.7 | AI score 7.9 | EPSS 0.00122
Exploits 0 | References 1

OSV
added 2023/05/24 2:16 p.m. | 0 views

USN-6104-1 postgresql-10, postgresql-12, postgresql-14, postgresql-15 vulnerabilities

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. (CVE-2023-2454) Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security...

CVSS 7.2 | AI score 6.9 | EPSS 0.00276
Exploits 0 | References 3

Vulnrichment
added 2023/05/22 9:1 p.m. | 8 views

CVE-2023-2505

The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files...

CVSS 7.7 | AI score 7.4 | EPSS 0.00133
Exploits 0 | References 2

Tenable Nessus
added 2023/05/17 12:0 a.m. | 17 views

Amazon Linux 2 : inkscape (ALAS-2023-2043)

The version of inkscape installed on the remote host is prior to 0.92.2-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2043 advisory. Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized...

CVSS 7.8 | AI score 5.8 | EPSS 0.00394
Exploits 3 | References 8

Prion
added 2023/05/10 9:15 p.m. | 17 views

Command injection

An Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before...

CVSS 7.5 | AI score 9.5 | EPSS 0.00922
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/05/10 8:53 p.m. | 15 views

CVE-2022-29842 Command Injection Vulnerability in Western Digital My Cloud devices

An Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before...

CVSS 9.8 | AI score 9.8 | EPSS 0.00922
Exploits 0 | References 1

BDU FSTEC
added 2023/05/10 12:0 a.m. | 1 views

The vulnerability of the Git repository management system Gitea lies in its ability to bypass authentication procedures by using capture-replay techniques for intercepted parameters. This allows attackers to circumvent security restrictions, gain unauthorized access to read, modify, or delete data, or execute arbitrary code.

The vulnerability of the Git repository management system Gitea relates to exploiting an authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability allows an attacker operating remotely to circumvent security restrictions,...

CVSS 10 | EPSS 0.02283
Exploits 0 | References 7 | Affected Software 1

OpenVAS
added 2023/05/10 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-1864)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.2 | EPSS 0.00244
Exploits 1 | References 2