CVE-2023-32972 QTS, QuTS hero, QuTScloud
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CLSA-2023-1696351864 Fix CVE(s): CVE-2020-19726, CVE-2020-19724, CVE-2020-21490, CVE-2020-35342
SECURITY UPDATE: uninitialized-heap vulnerability in function tic4x_print_cond in file opcodes/tic4x-dis.c - debian/patches/CVE-2020-35342.patch: Init all of condtable - CVE-2020-35342 SECURITY UPDATE: a memory consumption issue in get_data function in binutils/nm.c -...
Microsoft Error Reporting Local Privilege Elevation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Error Reporting Local Privilege Elevation Vulnerability', 'Description' = %q This module takes advantage of a bug in the way Windows...
CVE-2023-43760
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure...
CLSA-2023-1695320045 Fix CVE(s): CVE-2023-4736
SECURITY UPDATE: An executable file with a well-known name such as zip, gzip, and so on can be started from the current directory when a plugin opens an appropriate file that has one of the extensions .zip, .gzip, .rb, etc. This issue is effective only if the PATH environment variable h...
vim: Fix of CVE-2023-4736
CVE-2023-4736: improve search path to avoid running an executable in an untrusted dir...
GHSA-PPJH-XP5V-46WC Croc sender may send dangerous new files to receiver
An issue was discovered in Croc before 9.6.16. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...
Design/Logic Flaw
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...
PT-2023-28880 · Croc · Croc
Name of the Vulnerable Software and Affected Versions: Croc versions through 9.6.5 Description: An issue was discovered in Croc where a sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. Recommendations: For Croc versions through 9.6.5,...
CVE-2023-42523
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security fo...
Topaz Labs OFD Code Issue Vulnerability
Topaz Labs OFD is an application from Topaz Labs, Inc. A code issue vulnerability exists in Topaz Labs OFD version 2.11.0.201, which stems from an unknown section of the C:\Program Files\Topaz OFD\Warsaw\core.exe file in the component Protection Module Warsaw, resulting in an unquoted search path...
NextBX QWAlerter Code Issue Vulnerability
NextBX QWAlerter is an application from NextBX Corporation. A code issue vulnerability exists in NextBX QWAlerter version 4.50, which stems from the presence of some unknown functions in QWAlerter.exe that result in unquoted search paths...
The vulnerability of the IGSSupdateservice.exe executable of the Interactive Graphical SCADA System, which allows an intruder to execute arbitrary code.
The vulnerability of the IGSSupdateservice.exe executable of the Interactive Graphical SCADA System IGSS update service is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading the malicious update file...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:3559-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3559-1 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion a...
CVE-2023-4581
Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...