Cross site scripting

Cross Site Scripting XSS vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function...

CVE-2023-38886

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script...

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

CVE-2023-40868

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions...

CVE-2023-39070

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...

USN-6164-2: c-ares vulnerabilities

USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares ...

CVE-2023-39070

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...

CVE-2023-39070

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...

Security Bulletin: There is a vulnerabiliy in SQLite JDBC used by IBM Maximo Asset Management (CVE-2023-32697)

Summary There is a vulnerabiliy in SQLite JDBC used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2023-32697 DESCRIPTION: SQLite JDBC could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when JDBC url is attacker controlled. By...

CVE-2023-38485

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

CVE-2023-3472

Panasonic KW Watcher software contains a use-after-free vulnerability (CVE-2023-3472) affecting versions 1.00 through 2.82. The issue may allow an attacker to execute arbitrary code when a crafted configuration file is processed. Public sources consistently describe impact as arbitrary code execu...

Medium: spice-protocol

Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: spice-protocol Note: This advisory...

KLA59908 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory access vulnerability in FedCM can be exploited to...

CVE-2023-40980

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...

CVE-2023-40980

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...

Cross site scripting

Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...

CVE-2023-40980

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...

CVE-2023-39631

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...