1440 matches found
CVE-2023-35959
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns .ghw...
CVE-2023-35960
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns legacy...
CVE-2023-35962
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression...
CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression...
CVE-2023-35963
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression...
Open-Xchange App Suite Operating System Command Injection Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite backend version 7.10.6-rev50. An attacker can exploit the vulnerability to execute arbitrary system commands...
CVE-2024-21911
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...
CVE-2024-21911 Cross-site scripting vulnerability in TinyMCE
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...
GHSA-MCPH-M25J-8J63 tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Summary: The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details: The changed-files action returns a list of files changed in a commit or pull request which provides an escapejson...
SUSE SLED12 / SLES12 Security Update : libreoffice (SUSE-SU-2023:4984-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4984-1 advisory. - Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allo...
VulnCheck KEV: CVE-2021-21805
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...
Command injection
TOTOLINK EX1800T 9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi...
Cacti SQL Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data through snmpget, uses RRDtool to draw graphs from it, and provides data and user management features. Cacti 1.2.25 and earlier versions have a SQL injection vulnerability th...
CVE-2023-0011
CVE-2023-0011 affects the TOBY-L2 family (TOBY-L200/TOBY-L201/TOBY-L210/TOBY-L220/TOBY-L280). A flaw in input validation allows an attacker with physical access to the serial interface to execute arbitrary OS commands via crafted AT commands, granting root privileges, enabling reading system file...
MajorDoMo Command Execution Vulnerability (CNVD-2024-0217529)
MajorDoMo is an open source DIY smart home automation platform from the MajorDoMo community. MajorDoMo suffers from a command execution vulnerability that stems from the file thumb.php failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit thi...
Improper Input Validation
libreoffice is vulnerable to Execution with Unnecessary Privileges. The vulnerability exists because the filename of an embedded video is not sanitized or escaped when it is passed to GStreamer. This flaw allows an attacker to execute arbitrary GStreamer plugins...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-04933)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Fedora 38 : libcmis / libreoffice (2023-0d971cd6aa)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-0d971cd6aa advisory. 7.5.9.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...
CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
Input validation
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...