Ubuntu: Security Advisory (USN-5809-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KLA20163 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in File System API can be exploited to caus...

USN-5799-1: Linux kernel (OEM) vulnerability

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

CVE-2022-46610

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-46610

CVE-2022-46610 affects 72crm v9. The issue is an arbitrary file upload via the avatar upload function, allowing execution of crafted PHP code. Underlying cause: improper handling of uploaded files in the avatar feature (no details on root cause beyond the description). Impact per sources: potenti...

Mozilla Thunderbird Security Advisory (MFSA2020-26) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVE-2022-46610

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to multiple issues due to FasterXML jackson-databind

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in jackson-databind in B2B API. Vulnerability Details CVEID:CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base scor...

USN-5787-2: Libksba vulnerability

USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to...

Ubuntu: Security Advisory (USN-5788-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5787-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...

TRENDnet TEW-755AP stack overflow vulnerability (CNVD-2023-18945)

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the updatefilename parameter of the autoupfw sub420A04 function, which can be exploited by an attacker to execute arbitrary...

TRENDnet TEW-755AP stack overflow vulnerability (CNVD-2023-18948)

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the REMOTEUSER parameter of the getaccess sub45AC2C function, which can be exploited by an attacker to execute arbitrary co...

USN-5784-1: usbredir vulnerability

It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary...

CVE-2022-47317

Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

CVE-2022-46360

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file...

CVE-2022-41645

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

CVE-2022-47949

The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affect...

CVE-2022-46282

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,...