
6843 matches found

CNNVD
added 2023/07/10 12:0 a.m. · 2 views

IBM DB2 Security Vulnerability

IBM DB2 is a relational database management system from International Business Machines (IBM). The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An elevation of privilege vulnerability exists in IBM DB2, which can be exploited by an attacker t...

8.4 CVSS · 7.2 AI score · 0.00026 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/07/10 12:0 a.m. · 4 views

PT-2023-25467 · Avg · Avg Anti-Spyware

Name of the Vulnerable Software and Affected Versions: AVG Anti-Spyware version 7.5 Description: An issue in AVG Anti-Spyware allows an attacker to execute arbitrary code via a crafted script to the guard.exe component. Recommendations: For AVG Anti-Spyware version 7.5, consider updating to a new...

7.3 AI score
Exploits 3 · References 5

Vulnrichment
added 2023/07/09 11:32 p.m. · 8 views

CVE-2023-27558 IBM Db2 privilege escalation

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected...

8.4 CVSS · 6.6 AI score · 0.00026 EPSS
Exploits 0 · References 3

Veracode
added 2023/07/09 2:16 p.m. · 23 views

Server Side Request Forgery (SSRF)

wp-graphql/wp-graphql is vulnerable to Server Side Request Forgery (SSRF). The vulnerability exists due to executable paths in GraphQL queries like createMediaItem, which allows authenticated users to get unauthorized access to servers, thus jeopardizing server security...

6.5 CVSS · 6.8 AI score · 0.00174 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/07/04 12:15 a.m. · 1 views

DEBIAN-CVE-2023-25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...

3.3 CVSS · 4.5 AI score · 0.00063 EPSS
Exploits 0 · References 1

OSV
added 2023/07/04 12:15 a.m. · 0 views

UBUNTU-CVE-2023-25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...

3.3 CVSS · 5.8 AI score · 0.00063 EPSS
Exploits 0 · References 3

Mozilla
added 2023/07/04 12:0 a.m. · 65 views

Security Vulnerabilities fixed in Thunderbird 102.13.1 — Mozilla

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension...

7.5 CVSS · 6.7 AI score · 0.00205 EPSS
Exploits 0 · References 1 · Affected Software 1

Github Security Blog
added 2023/06/30 8:35 p.m. · 28 views

WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)

Impact: Users with capabilities to upload media (editors and above) are susceptible to SSRF (Server-Side Request Forgery) when executing the createMediaItem Mutation. Authenticated users making GraphQL requests that execute the createMediaItem could pass executable paths in the mutations filePath...

6.5 CVSS · 7 AI score · 0.00174 EPSS
Exploits 0 · References 6 · Affected Software 1

Prion
added 2023/06/30 8:15 p.m. · 21 views

Design/Logic Flaw

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger...

4.3 CVSS · 7.9 AI score · 0.00091 EPSS
Exploits 0 · References 2 · Affected Software 2

Vulnrichment
added 2023/06/30 12:0 a.m. · 6 views

CVE-2023-29145

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger...

7.9 AI score · 0.00091 EPSS
Exploits 0 · References 2

CNNVD
added 2023/06/30 12:0 a.m. · 4 views

Malwarebytes Security Vulnerability

Malwarebytes is an application that provides anti-malware functionality to devices from the US-based company Malwarebytes. The software is designed to defend against viruses, spyware, Trojans, worms, dial-up programs, and other malware. debug is a small JavaScript debugging utility open-sourced b...

7.8 CVSS · 7.8 AI score · 0.00091 EPSS
Exploits 0 · References 3

OSV
added 2023/06/27 6:12 a.m. · 7 views

MAL-2023-1096 Malicious code in @okcoin-dev/blade (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 71645eda002c3a56f041a1c91f7072a640455be1d5bed1cc7cf67fd4c1cff44b The OpenSSF Package Analysis project identified '@okcoin-dev/blade' @ 1.11.33 npm as malicious. It is considered malicious because: - The packag...

7.4 AI score
Exploits 0

NVD
added 2023/06/26 10:15 p.m. · 11 views

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

7.8 CVSS · 7.7 AI score · 0.00058 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/06/26 9:52 p.m. · 7 views

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

7.1 AI score · 0.00058 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2023/06/20 12:0 a.m. · 2 views

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System (IGSS) allows an intruder to execute arbitrary code.

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System (IGSS) is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS · 7.6 AI score · 0.03085 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/06/16 4:15 a.m. · 11 views

CVE-2023-32752

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servi...

9.8 CVSS · 9.8 AI score · 0.00596 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/06/16 2:31 a.m. · 3 views

CVE-2023-32752

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servi...

9.8 CVSS · 7.5 AI score · 0.00596 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2023/06/16 1:58 a.m. · 1 views

CVE-2023-32753

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8 CVSS · 7.5 AI score · 0.00596 EPSS
Exploits 0 · References 2

Cvelist
added 2023/06/16 12:0 a.m. · 13 views

CVE-2023-32753 ITPison OMICARD EDM - Arbitrary File Upload

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8 CVSS · 9.9 AI score · 0.00596 EPSS
Exploits 0 · References 1

CNNVD
added 2023/06/12 12:0 a.m. · 3 views

LabCollector Code Issue Vulnerability

LabCollector is an all-in-one laboratory management platform from LabCollector, Inc. A security vulnerability exists in LabCollector versions 6.0 through 6.15. An attacker can exploit the vulnerability to upload executable PHP files and execute system commands...

8.8 CVSS · 8.1 AI score · 0.2805 EPSS
Exploits 2 · References 4