5334 matches found

Prion
added 2023/05/04 8:15 p.m. · 15 views

Authentication flaw

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An...

CVSS 7.5 · AI score 9.6 · EPSS 0.69926
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2023/04/25 4:15 p.m. · 11 views

CVE-2023-25313

An OS injection vulnerability in World Wide Broadcast Network AVideo versions before 12.4 allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...

CVSS 9.8 · AI score 9.9
Exploits: 0 · References: 1
Tenable Nessus
added 2023/04/24 12:0 a.m. · 24 views

Fedora 36 : ffmpeg (2023-1e24db98a6)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1e24db98a6 advisory. New release with bug fixes across the tree. Contains security fixes for CVE-2022-48434 and CVE-2022-3109. Tenable has extracted the preceding...

CVSS 8.1 · AI score 7.1 · EPSS 0.0032
Exploits: 1 · References: 3
Prion
added 2023/04/18 8:15 p.m. · 12 views

Path traversal

A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a...

CVSS 3.5 · AI score 6.7 · EPSS 0.00054
Exploits: 0 · References: 1 · Affected Software: 1
Rosalinux
added 2023/04/18 12:13 p.m. · 40 views

Advisory ROSA-SA-2023-2156

Software: zlib 1.2.11; OS: ROSA Virtualization 2.1; packageevrstring: 1.2.11; CVE-ID: CVE-2018-25032; BDU-ID: 2022-01641; CVE-Crit: HIGH; CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...

CVSS 9.8 · AI score 9 · EPSS 0.92544
Exploits: 2
CNVD
added 2023/04/16 12:0 a.m. · 22 views

Adobe Substance 3D Stager Resource Management Error Vulnerability

Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. A resource management error vulnerability exists in Adobe Substance 3D Stager 2.0.1 and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

CVSS 7.8 · AI score 7.5 · EPSS 0.00234
Exploits: 0 · References: 1
NVD
added 2023/04/14 2:15 a.m. · 7 views

CVE-2023-29627

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server...

CVSS 8.8 · AI score 8.9 · EPSS 0.0087
Exploits: 1 · References: 2
Cvelist
added 2023/04/14 12:0 a.m. · 10 views

CVE-2023-29625

Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server...

AI score 9.1 · EPSS 0.00882
Exploits: 1 · References: 1
Tenable Nessus
added 2023/04/13 12:0 a.m. · 37 views

Fedora 37 : ffmpeg (2023-32c3bbbbc9)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-32c3bbbbc9 advisory. New release with bug fixes across the tree. Contains security fix for CVE-2022-48434. Tenable has extracted the preceding description block directly from the...

CVSS 8.1 · AI score 6.9 · EPSS 0.0032
Exploits: 1 · References: 2
Vulnrichment
added 2023/04/12 12:0 a.m. · 6 views

CVE-2023-26852

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...

AI score 7.3 · EPSS 0.17171
Exploits: 1 · References: 3
NVD
added 2023/04/11 6:15 p.m. · 9 views

CVE-2021-46878

An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...

CVSS 7.8 · AI score 7.9 · EPSS 0.00074
Exploits: 1 · References: 2
Positive Technologies
added 2023/04/11 12:0 a.m. · 1 views

PT-2023-2310 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: The issue is related to insufficient input validation in Microsoft Office, which can be exploited to execute arbitrary code. Recommendations: At the moment, there is no information...

CVSS 7.8 · AI score 9.6 · EPSS 0.01824
Exploits: 4 · References: 11
Tenable Nessus
added 2023/04/11 12:0 a.m. · 27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Vulnerability (NS-SA-2023-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by a vulnerability: - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forb...

CVSS 10 · AI score 7.8 · EPSS 0.15391
Exploits: 0 · References: 3
Kaspersky
added 2023/04/11 12:0 a.m. · 88 views

KLA48823 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or spoof the user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute...

CVSS 8.1 · AI score 8.8 · EPSS 0.09091
Exploits: 10 · References: 15
Cvelist
added 2023/04/10 12:0 a.m. · 11 views

CVE-2023-27178

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file...

AI score 9.7 · EPSS 0.01258
Exploits: 2 · References: 4
NVD
added 2023/04/09 9:15 p.m. · 13 views

CVE-2023-27720

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...

CVSS 9.8 · AI score 9.8 · EPSS 0.01704
Exploits: 1 · References: 2
NVD
added 2023/04/09 9:15 p.m. · 9 views

CVE-2023-27719

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...

CVSS 9.8 · AI score 9.8 · EPSS 0.01704
Exploits: 1 · References: 2
NVD
added 2023/04/07 2:15 a.m. · 12 views

CVE-2023-25217

Tenda AC5 USAC5V1.0RTLV15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...

CVSS 9.8 · AI score 9.8 · EPSS 0.00907
Exploits: 0 · References: 1
NVD
added 2023/04/07 2:15 a.m. · 12 views

CVE-2023-25219

Tenda AC5 USAC5V1.0RTLV15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...

CVSS 9.8 · AI score 9.8 · EPSS 0.00907
Exploits: 0 · References: 1
NVD
added 2023/04/07 2:15 a.m. · 12 views

CVE-2023-27017

Tenda AC10 USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...

CVSS 9.8 · AI score 9.8 · EPSS 0.00407
Exploits: 1 · References: 1