5334 matches found

IBM Security Bulletins
added 2023/02/28 1:12 a.m., 67 views

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154

Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID ...

CVSS: 10, AI score: 9.1, EPSS: 0.0325
Exploits: 5, Affected Software: 5

OSV
added 2023/02/27 9:30 p.m., 38 views

GHSA-G857-47PM-3R32 laravel-admin has Arbitrary File Upload vulnerability

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS: 7.2, AI score: 7.2, EPSS: 0.48636
Exploits: 3, References: 5

Vulnrichment
added 2023/02/27 12:0 a.m., 11 views

CVE-2023-24249

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...

AI score: 7.3, EPSS: 0.48636
Exploits: 3, References: 3

Cvelist
added 2023/02/26 12:0 a.m., 16 views

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

AI score: 10, EPSS: 0.70087
Exploits: 6, References: 3

OpenVAS
added 2023/02/22 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-5881-1)

The remote host is missing an update for the ...

CVSS: 8.8, AI score: 7.9, EPSS: 0.00503
Exploits: 0, References: 2

F5 Networks
added 2023/02/21 8:2 p.m., 31 views

K46303125: LibTIFF vulnerability CVE-2016-3990

Security Advisory Description Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. CVE-2016-3990 Impact There is no...

CVSS: 7.8, AI score: 8.5, EPSS: 0.00444
Exploits: 0

F5 Networks
added 2023/02/21 7:52 p.m., 39 views

K64412100: PHP vulnerability CVE-2016-4073

Security Advisory Description Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via ...

CVSS: 9.8, AI score: 9.2, EPSS: 0.11044
Exploits: 2, Affected Software: 23

F5 Networks
added 2023/02/21 7:30 p.m., 58 views

K17061: Multiple PHP vulnerabilities

Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code...

CVSS: 10, AI score: 8, EPSS: 0.21375
Exploits: 10, Affected Software: 18

F5 Networks
added 2023/02/21 7:1 p.m., 46 views

K16819: Linux kernel vulnerability CVE-2015-3331

Security Advisory Description The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow an...

CVSS: 9.3, AI score: 7.5, EPSS: 0.0411
Exploits: 0, Affected Software: 1

F5 Networks
added 2023/02/21 6:59 p.m., 115 views

K35799130: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-5399 The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. CVE-2016-6291 The...

CVSS: 9.8, AI score: 9.6, EPSS: 0.13858
Exploits: 15

F5 Networks
added 2023/02/21 6:51 p.m., 33 views

K81732330: Poppler vulnerability CVE-2013-4473

Security Advisory Description Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. CVE-2013-4473 Impact There is no impact; F5...

CVSS: 7.5, AI score: 8.1, EPSS: 0.02273
Exploits: 1

F5 Networks
added 2023/02/21 6:9 p.m., 27 views

K16380: FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659

Security Advisory Description CVE-2014-9656 The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a...

CVSS: 7.5, AI score: 8.1, EPSS: 0.02849
Exploits: 3, Affected Software: 1

CNVD
added 2023/02/20 12:0 a.m., 24 views

Adobe Bridge out-of-bounds write vulnerability (CNVD-2023-13728)

Adobe Bridge is a file viewer from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe Bridge, which can be exploited to execute arbitrary code in the context of the current user...

CVSS: 7.8, AI score: 3.6, EPSS: 0.00097
Exploits: 0, References: 1

IBM Security Bulletins
added 2023/02/18 1:45 a.m., 72 views

Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)

Summary There is a vulnerability in open source Network Security Services (NSS) to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to execute arbitrary code on the vulnerable system or cause a denial of service...

CVSS: 7.5, AI score: 8.3, EPSS: 0.02458
Exploits: 0, Affected Software: 1

CNVD
added 2023/02/17 12:0 a.m., 21 views

Adobe Bridge out-of-bounds write vulnerability (CNVD-2023-14293)

Adobe Bridge is a file viewer from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe Bridge, which can be exploited to execute arbitrary code in the context of the current user...

CVSS: 7.8, AI score: 3.6, EPSS: 0.00097
Exploits: 0, References: 1

NVD
added 2023/02/16 9:15 p.m., 14 views

CVE-2022-48325

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id,...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00646
Exploits: 1, References: 3

Prion
added 2023/02/16 9:15 p.m., 9 views

Cross site scripting

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico...

CVSS: 5.8, AI score: 6.3, EPSS: 0.00975
Exploits: 1, References: 3, Affected Software: 1

OpenVAS
added 2023/02/16 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-5874-1)

The remote host is missing an update for the ...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00111
Exploits: 2, References: 2

SUSE CVE
added 2023/02/15 5:52 a.m., 3 views

SUSE CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...

CVSS: 6.2, AI score: 7.6, EPSS: 0.00118
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 5:40 a.m., 1 views

SUSE CVE-2013-1653

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...

CVSS: 7.1, AI score: 7.8, EPSS: 0.01966
Exploits: 0, References: 4