Adobe Substance 3D Sampler out-of-bounds write vulnerability (CNVD-2023-9821564)

Adobe Substance 3D Sampler is a photogrammetry software from the American company Audobee Adobe. It is used to convert photo captures and scanned images into 3D textures and material assets. An out-of-bounds write vulnerability exists in Adobe Substance 3D Sampler 4.2.1 and earlier versions, whic...

Ubuntu: Security Advisory (USN-6557-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6557-1: Vim vulnerabilities

It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2022-1725 It was discovered that Vim could be made to recurse...

CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modulesinstall.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file...

Arbitrary file deletion

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...

Cross site scripting

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL...

CVE-2023-48861

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll...

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...

Design/Logic Flaw

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

CVE-2023-42557

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code...

Foxit Reader Memory Misreference Vulnerability (CNVD-2023-96091)

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A memory misreference vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...

LSN-0099-1: Kernel Live Patch Security Notice

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service host NIC availability.CVE-2022-3643 It was discovered that the virtual terminal driver in th...

CVE-2023-49029

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file...

CVE-2023-49028

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file...

CVE-2023-49046

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule...

Buffer overflow

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mzpathresolve function in the mzos.c file...

Ubuntu: Security Advisory (USN-6497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-38823

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd...

CVE-2023-38823

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd...

Adobe Media Encoder Out-of-Bounds Write Vulnerability (CNVD-2023-88662)

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A security vulnerability exists in Adobe Media Encoder version 24.0.2 and earlier and version 23.6 and earlier, which can be exploited by an attacker to execute arbitrary code in the context of...