
6841 matches found

Prion
added 2023/08/17 7:15 a.m. · 16 views

Code injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

CVSS 7.5 · AI score 9.5 · EPSS 0.00048
Exploits: 0 · References: 1 · Affected Software: 2

CVE
added 2023/08/17 6:41 a.m. · 39 views

CVE-2023-40252

The CVE-2023-40252 issue is an improper control of generation of code vulnerability in Genian NAC products (V4.0 from 4.0.0 to 4.0.155; V5.0 from 5.0.0 to 5.0.42; Suite V5.0 from 5.0.0 to 5.0.54; ZTNA from 6.0.0 to 6.0.15). The root cause is Code Injection that allows Replace Trusted Executable, ...

CVSS 9.8 · AI score 9.4 · EPSS 0.00048
Exploits: 0 · References: 1 · Affected Software: 2

Cvelist
added 2023/08/17 6:41 a.m. · 18 views

CVE-2023-40252

Improper Control of Generation of Code 'Code Injection' vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from...

CVSS 6 · AI score 9.8 · EPSS 0.00048
Exploits: 0 · References: 1

ATTACKERKB
added 2023/08/15 5:15 p.m. · 0 views

CVE-2023-38840

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process...

CVSS 5.5 · AI score 5.8 · EPSS 0.02584
Exploits: 0 · References: 5

NVD
added 2023/08/15 2:15 p.m. · 11 views

CVE-2023-28479

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...

CVSS 8.8 · AI score 8.6 · EPSS 0.00131
Exploits: 1 · References: 1

Positive Technologies
added 2023/08/15 12:00 a.m. · 5 views

PT-2023-26623 · Bitwarden · Bitwarden Desktop

Name of the Vulnerable Software and Affected Versions: Bitwarden Desktop versions 2023.7.0 and below
Description: The issue allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. A local attacker can exploit this to gain access to sensitive data...

CVSS 5.5 · AI score 5.3 · EPSS 0.02584
Exploits: 0 · References: 11

Zero Day Initiative
added 2023/08/15 12:00 a.m. · 25 views

(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7 · AI score 6.5 · EPSS 0.00126
Exploits: 0 · References: 1

CNNVD
added 2023/08/15 12:00 a.m. · 3 views

Bitwarden Security Breach

Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A security vulnerability exists in Bitwarden Desktop version v.2023.5.1, which originated from a vulnerability that allows a local attacker to obtain sensitive information via bitwarden.exe...

CVSS 5.5 · AI score 6.3 · EPSS 0.02584
Exploits: 0 · References: 5

BDU FSTEC
added 2023/08/11 12:00 a.m. · 3 views

The vulnerability of the platform installer for SAP BusinessObjects Business Intelligence allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SAP BusinessObjects Business Intelligence platform installer is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow attackers to influence the confidentiality, integrity, and accessibility of the protected information by...

CVSS 9 · AI score 7.7 · EPSS 0.00068
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/08/09 12:15 p.m. · 2 views

CVE-2023-32782

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerabili...

CVSS 7.2 · AI score 5.8 · EPSS 0.25631
Exploits: 0 · References: 2

ATTACKERKB
added 2023/08/09 12:15 p.m. · 1 views

CVE-2023-32782

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerabili...

CVSS 7.2 · AI score 7 · EPSS 0.25631
Exploits: 0 · References: 3

OSV
added 2023/08/09 12:15 p.m. · 2 views

CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

CVSS 7.2 · AI score 5.8 · EPSS 0.47218
Exploits: 3 · References: 3

Positive Technologies
added 2023/08/09 12:00 a.m. · 3 views

PT-2023-24016 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier
Description: A command injection issue was identified in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially...

CVSS 7.2 · AI score 7.4 · EPSS 0.25631
Exploits: 0 · References: 14

Snyk
added 2023/08/08 9:00 p.m. · 1 views

Undesired Behavior

Overview: Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at build time. That executable spawns OS processes and performs network requests, including transferring a...

CVSS 3.3 · AI score 6.8
Exploits: 0 · References: 2

NVD
added 2023/08/08 1:15 a.m. · 19 views

CVE-2023-37490

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the...

CVSS 9 · AI score 7.7 · EPSS 0.00068
Exploits: 0 · References: 2

OSV
added 2023/08/08 1:15 a.m. · 2 views

CVE-2023-37490

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the...

CVSS 9 · AI score 7.3 · EPSS 0.00068
Exploits: 0 · References: 2

OSV
added 2023/08/08 1:15 a.m. · 1 views

CVE-2023-36923

SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application...

CVSS 7.8 · AI score 5.8 · EPSS 0.00072
Exploits: 0 · References: 2

CVE
added 2023/08/08 12:46 a.m. · 62 views

CVE-2023-37490

The CVE-2023-37490 entry concerns SAP Business Objects Installer (versions 420, 430). A network-authenticated attacker can overwrite an executable file created in a temporary directory during installation and replace it with a malicious file, enabling a full compromise of confidentiality, integri...

CVSS 9 · AI score 8.3 · EPSS 0.00068
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2023/08/08 12:00 a.m. · 26 views

Rocky Linux 8 : thunderbird (RLSA-2023:4497)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4497 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document fil...

CVSS 9.8 · AI score 8.3 · EPSS 0.03618
Exploits: 1 · References: 21

RedHat Linux
added 2023/08/07 8:48 a.m. · 4 views

thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

CVSS 7.5 · AI score 7.3 · EPSS 0.00205
Exploits: 0 · References: 6