2841 matches found
Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to remote code execution vulnerability (CVE-2023-23477)
Summary: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to remote code execution vulnerability (CVE-2023-23477). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a securi...
CVE-2021-33391
An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode function in gdoc.c...
CVE-2023-21529
Microsoft Exchange Server Remote Code Execution Vulnerability...
CVE-2023-21718
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2023-24994
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
CVE-2023-24978
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current...
End of support for Office 2016 and Office 2019
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: February 14, 2023 (KB5002325)
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: February 14, 2023 (KB5002325). Summary: This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about...
CVE-2023-24576
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used...
CVE-2023-24163
SQL Injection vulnerability in Dromara hutool before 5.8.21 allows an attacker to execute arbitrary code via the aviator template engine...
CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpledit.inc.php...
CVE-2022-42382
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2022-40718
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...
Command Injection
froxlor/froxlor is vulnerable to Command Injection. The vulnerability is due to an Arbitrary File Write in the logging module which allows an attacker to overwrite an arbitrary file, and Template Injection. A remote authenticated attacker can chain these vulnerabilities together, resulting in...
CVE-2021-37774
An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code...
CVE-2023-21548
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability...
CVE-2023-21744
Microsoft SharePoint Server Remote Code Execution Vulnerability...
SUSE-SU-2022:4642-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content bsc1206474. - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. -...
CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-43601
Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability...