2841 matches found
CVE-2022-43623
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43647
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue...
CVE-2022-43619
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-37365
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs...
CVE-2023-25880 ZDI-CAN-19412: Adobe Dimension GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25871 Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Substance 3D Stager versions 2.0.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25654 baserCMS File Uploader Remote Code Execution (RCE) vulnerability
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution RCE Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch...
Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.32-alt1
3.1.32-alt1 built March 18, 2023 Vitaly Lipatov in task 316692 March 12, 2023 Vitaly Lipatov - .NET Core 3.1.32 and .NET Core SDK 3.1.426 releases - CVE-2022-41089: .NET Remote Code Execution Vulnerability - CVE-2022-41032: .NET Elevation of Privilege Vulnerability - CVE-2022-38013: .NET Denial o...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-31291)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Microsoft Excel Code Execution Vulnerability (CNVD-2023-53911)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2023-23150
SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution...
Ghost Foundation node-sqlite3 code execution vulnerability
Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...
CVE-2023-23403 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
...
CVE-2023-27399
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
KB5023706: Windows 11 version 22H2 Security Update (March 2023)
The remote Windows host is missing security update 5023706. It is, therefore, affected by multiple vulnerabilities - An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An...
NETGEAR Nighthawk WiFi6 Router Code Execution Vulnerability
The NETGEAR Nighthawk WiFi6 Router is a series of wireless routers from NETGEAR. The NETGEAR Nighthawk WiFi6 Router suffers from a code execution vulnerability that stems from the fact that the device contains a file sharing mechanism that can be exploited by an attacker to execute arbitrary code...
CVE-2023-26076
creationtimestamp| type| source ---|---|--- 2023-03-13 17:23:33+00:00| seen| https://t.me/cibsecurity/59905 2023-03-16 18:07:00+00:00| seen| https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html 2023-03-20 14:22:52+00:00| published-proof-of-concept|...
CVE-2023-24033
creationtimestamp| type| source ---|---|--- 2023-03-13 15:53:22+00:00| seen| https://t.me/cibsecurity/59888 2023-03-16 18:07:00+00:00| seen| https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html 2023-03-17 15:00:08+00:00| seen| https://t.me/truesecator/4181...
PT-2023-21224 · Github · Github-Slug-Action
Name of the Vulnerable Software and Affected Versions: github-slug-action versions 4.0.0 through 4.4.1 Description: The github-slug-action uses the github.head ref parameter in an insecure way, allowing any user on GitHub to trigger the vulnerability by creating a pull request with a branch name...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...