thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

Code Injection

net.bramp.ffmpeg:ffmpeg is vulnerable to Code Injection. An FFmpeg object can be created using the constructor in FFmpeg.java, but it does not validate the ffmpeg executable path, which allow an attacker to execute malicious code on the system...

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/macos-arm64 (>=8.0.0 <=8.6.7)

@pnpm/macos-arm64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

Debian DSA-5463-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5463 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fa...

CVE-2023-33742

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe...

Improper Filename Validation

Thunderbird is vulnerable to Improper Filename Validation. the vulnerability is due to a lack of preventing text direction override unicode characters in filename attachments. This can allow an attacker to attach an executable file, without the extension displayed as such...

TeleAdapt RoomCast TA-2400 安全漏洞

The TeleAdapt RoomCast TA-2400 is an all-in-one, self-contained, top-quality content streaming box for guest rooms from TeleAdapt UK. A security vulnerability exists in TeleAdapt RoomCast TA-2400 versions 1.0 through 3.1, which stems from the use of plaintext storage for the RSA private key in...

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

CVE-2023-35067

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...

Design/Logic Flaw

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701...

CVE-2023-35067 Plaintext Storage of a Password in Infodrom Sofwares E-Invoice Approval System

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...

CVE-2023-35067 Plaintext Storage of a Password in Infodrom Sofwares E-Invoice Approval System

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...

PT-2023-15101 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered in the software, allowing Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs executed on the server at...

Infodrom Software E-Invoice Approval System 安全漏洞

Infodrom Software E-Invoice Approval System is an electronic invoice approval system from Infodrom Software, Turkey. A security vulnerability exists in Infodrom Software E-Invoice Approval System prior to version v.20230701, which stems from a plaintext stored password vulnerability that allows...

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

CVE-2023-3417

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

CVE-2023-3322 Code Execution through overwriting service executable in utilities directory

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

Design/Logic Flaw

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

DEBIAN-CVE-2023-3417

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...