CVE-2022-48325
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id,...
Cross site scripting
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico...
Ubuntu: Security Advisory (USN-5874-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
SUSE CVE-2011-2709
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...
SUSE CVE-2013-1653
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...
CVE-2022-45543
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search...
LSN-0091-1: Kernel Live Patch Security Notice
It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41222) Sönke...
PT-2023-1454 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server (affected versions not specified). Description: The issue is related to insufficient input validation in the database management system, which can be exploited to execute arbitrary code. This allows an attacker to potentiall...
CVE-2022-48077
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL...
Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities
Summary: The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-31160. DESCRIPTION: jQuery UI is vulnerable to cross-site...
CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file...
Ubuntu: Security Advisory (USN-5863-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5858-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5844-1)
The remote host is missing an update for the...
CVE-2022-45544
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...
CVE-2022-48021
A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...
Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-23943)
Summary: The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details: CVEID: CVE-2022-23943. DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in mod_sed. By sending special...
CVE-2022-31364
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA010705.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lowertransportlayeronseg. In Cypress Bluetooth Mesh SDK, there is an out-of-bound...
CVE-2023-23135
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file...
CVE-2022-31363
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA010705.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pbtransporthandlefrag. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write...