6323 matches found
CVE-2023-35019
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873...
Security Bulletin: IBM TRIRIGA Application Platform is vulnerable to multiple vulnerabilities [CVE-2016-0003], [CVE-2016-1000031] and [CVE-2016-0248]
Summary IBM TRIRIGA Application Platform updated the Apache Commons open source to the latest version to fix the vulnerabilities in CVE-2016-0003, CVE-2016-1000031 and CVE-2016-0248. Vulnerability Details CVEID: CVE-2016-0003 DESCRIPTION: Microsoft Edge could allow a remote attacker to execute arbitra...
Design/Logic Flaw
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file...
CVE-2023-37692
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file...
Ubuntu: Security Advisory (USN-6248-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-37692
October CMS v3.4.4 is affected by an arbitrary file upload vulnerability that allows an authenticated attacker to upload a crafted file (notably an SVG) to execute arbitrary code in the browser context. The issue appears to stem from inadequate validation/sanitization in the file upload handling,...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go
Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...
CVE-2023-34798
An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2021-34123
An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf in asm.c allows attackers to execute arbitrary code on the system via a crafted file...
Iagona ScrutisWeb code issue vulnerability
Iagona ScrutisWeb is a security solution from the French company Iagona. A code issue vulnerability exists in Iagona ScrutisWeb version 2.1.37 and prior versions. An attacker could exploit this vulnerability to upload and execute arbitrary files...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request...
Ubuntu: Security Advisory (USN-6229-1)
The remote host is missing an update for the...
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/filemanagecontrol.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file...
USN-6229-1: LibTIFF vulnerabilities
It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Ubuntu: Security Advisory (USN-6220-1)
The remote host is missing an update for the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Python
Summary Potential vulnerabilities in Python have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-28861 DESCRIPTION: Python could allow a...
Milesight UR32L libzebra.so change_hostname function command injection vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L libzebra.so change_hostname function, which can be exploited by an attacker to execute arbitrary commands on the system...