350 matches found
CVE-2023-48661
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system...
CVE-2023-48660
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system...
Design/Logic Flaw
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system...
CVE-2023-6185 Improper input validation enabling arbitrary GStreamer pipeline injection
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
Remote Code Execution
gst-plugins-ugly GStreamer is vulnerable to Remote Code Execution. The vulnerability is caused due to an integer overflow within the parsing of MDPR chunks. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target syst...
Microsoft Windows win32kfull UMPDDrvBitBlt Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...
Telit Cinterion BGS5 Security Vulnerability
Telit Cinterion BGS5 is a mobile communication module from Telit Communications. A security vulnerability exists in Telit Cinterion that stems from disclosure of sensitive information to unauthorized parties and could allow an attacker to access sensitive data on the...
CVE-2023-25915
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system...
Input validation
Due to improper input validation, a remote attacker could execute arbitrary commands on the target system...
CVE-2023-25915 Authenticated Remote Command Execution in Danfoss AK-SM800A
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system...
Microsoft Exchange Server Security Vulnerability
Microsoft Exchange Server is an e-mail service program from the US company Microsoft. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
SQL Injection
postgraasserver is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the config parameter of the createpgconnection and createpostgresdb functions allows a malicious user to inject and execute arbitrary SQL queries on the target system...
Exploit for Improper Access Control in Citrix Sharefile_Storage_Zones_Controller
ShareFile RCE CVE-2023-24489 This is a Python script that e...
Microsoft Office 2016 Graphics Remote Code Execution Vulnerability (KB5002419)
This host is missing an important security update according to Microsoft KB5002419...
SQL injection
Vulnerable modules of Trend Micro Apex Central on-premise contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these...
CVE-2023-32536
Affected versions of Trend Micro Apex Central on-premise are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order ...
Linux Kernel ksmbd RCU Callback Race Condition Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2022-42430
This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlanconfig data...
A Deserialization Vulnerability Found in Apache Dubbo
Apache has released a security notice for a deserialization vulnerability CVE-2023-23638 in Apache Dubbo that allows remote attackers to execute arbitrary code on the target system. To receive...
Privilege escalation
TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not...