5334 matches found
ROS-2-1680
2.1680 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
SUSE SLED12 / SLES12 Security Update : python-reportlab (SUSE-SU-2023:2688-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2688-1 advisory. - Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. CVE-2023-33733...
FeehiCMS Arbitrary File Upload Vulnerability (CNVD-2023-58819)
FeehiCMS is a PHP-based CMS builder. FeehiCMS version 2.0.8 has an arbitrary file upload vulnerability that can be exploited by remote attackers to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...
PT-2023-25496 · Ateme · Ateme Flamingo XL
Name of the Vulnerable Software and Affected Versions: Ateme Flamingo XL version 3.6.20; Ateme Flamingo XS version 3.6.5. Description: The issue allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via the session expiration function. Recommendations: For...
Liufee CMS File Upload vulnerability
File Upload vulnerability in Liufee CMS, AKA Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...
CVE-2020-20703
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter...
CVE-2020-20697
CVE-2020-20697 affects the NodCMS v3.0 product, with a Cross-Site Scripting vulnerability in the address parameter that can allow an attacker to execute arbitrary code and access sensitive information. Several connected sources (e.g., Red Hat, CNVD, GHSA, OSV) describe the issue as XSS with poten...
CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function...
Ubuntu: Security Advisory (USN-6162-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6162-1: Linux kernel (Intel IoTG) vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11. up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file...
Ubuntu: Security Advisory (USN-6154-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-33601
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-31244
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer...
H3C Magic R300 Stack Overflow Vulnerability (CNVD-2023-52049)
The H3C Magic R300 is a wireless router from China's Xinhua San H3C. The H3C Magic R300 suffers from a stack overflow vulnerability that is caused by incorrect boundary checking of the EditBasicSID interface on /goform/aspForm. An attacker can exploit this vulnerability to cause a buffer overflow...
H3C Magic R300 Stack Overflow Vulnerability (CNVD-2023-52053)
The H3C Magic R300 is a wireless router from China's Xinhua San H3C. The H3C Magic R300 suffers from a stack overflow vulnerability that is caused by incorrect boundary checking of the EditvsList interface on /goform/aspForm. An attacker can exploit this vulnerability to cause a buffer overflow a...
Ubuntu: Security Advisory (USN-6121-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6122-1: Linux kernel (OEM) vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
CVE-2023-28080
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM...