Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...

Adobe Substance 3D Stager out-of-bounds write vulnerability (CNVD-2023-43897)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Substance 3D Stager Buffer Overflow Vulnerability (CNVD-2023-41876)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Sql injection

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...

Design/Logic Flaw

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file...

CVE-2023-27235

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file...

CVE-2023-27235

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file...

Ubuntu: Security Advisory (USN-5951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KLA48571 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in...

CVE-2023-27853

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device...

CVE-2023-27164

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file...

Ubuntu: Security Advisory (USN-5935-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-24282

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file...

Ubuntu: Security Advisory (USN-5932-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

LSN-0092-1: Kernel Live Patch Security Notice

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code.CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

CVE-2023-24734

An arbitrary file upload vulnerability in the cameraupload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file...

CVE-2023-26949

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2023-26949

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file...

USN-5915-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

Ubuntu: Security Advisory (USN-5905-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...