2841 matches found
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js ejs module code execution vulnerability (CVE-2023-29827)
Summary: Potential Node.js ejs module code execution vulnerability CVE-2023-29827 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow...
Pluck Cross-Site Scripting Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, which originates from a cross-site scripting (XSS) vulnerability in file /admin.php. An attacker can exploit the vulnerability by uploading a...
XWiki Platform Code Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform version 2.4-m-2 and prior versions, which originates from a vulnerability that allows a user with view rights to a documen...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-32031 Microsoft Exchange Server Remote Code Execution Vulnerability
...
CVE-2023-33131
Microsoft Outlook Remote Code Execution Vulnerability...
CVE-2023-33133 Microsoft Excel Remote Code Execution Vulnerability
...
June 13, 2023-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5027542)
June 13, 2023-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8.1 and Windows Server 2012 R2 KB5027542 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microso...
Microsoft Excel Security Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
KB5027219: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2023)
The remote Windows host is missing security update 5027219. It is, therefore, affected by multiple vulnerabilities - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015) - Windows Collaborative Translation Framework Elevation o...
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
ManageEngine ServiceDesk Plus MSP < 13.0 Build 13001 RCE
A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 13.0 Build 13001 due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections,...
CVE-2023-32203 Horner Automation Cscape Out-of-bounds Write
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32540
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system including system files, inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...
CVE-2023-33440
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=saveuser...
IBM InfoSphere Information Server Code Issue Vulnerability
IBM InfoSphere Information Server is a leading integration platform with service offerings that help you understand, cleanse, monitor, transform and deliver data. A code execution vulnerability exists in IBM InfoSphere Information Server version 11.7, which can be exploited by an attacker to...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)
Summary: A code execution vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Adobe Substance 3D Painter Out-of-Bounds Read Vulnerability (CNVD-2023-40146)
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...
Adobe Substance 3D Painter Out-of-Bounds Write Vulnerability
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...
CVE-2023-25006
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution...