
1916 matches found

Cvelist
added 2023/10/06 4:36 p.m. · 11 views

CVE-2023-32972 QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

3.8 CVSS · 7.3 AI score · 0.00081 EPSS
Exploits 0 · References 1
CNNVD
added 2023/10/06 12:00 a.m. · 1 view

Plain Craft Launcher Path Traversal Vulnerability

Plain Craft Launcher is a software. A security vulnerability exists in Plain Craft Launcher version 1.3.9 that originates from a vulnerability that could allow a local attacker to execute arbitrary code and obtain sensitive information...

7.8 CVSS · 7.3 AI score · 0.11909 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/10/06 12:00 a.m. · 1 view

PT-2023-8834 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.0.1.2425 build 20230609; QTS versions prior to 5.1.0.2444 build 20230629; QTS versions prior to 4.5.4.2467 build 20230718; QuTS hero versions prior to h5.0.1.2515 build 20230907; QuTS hero versions prior to h5.1.0.2424 bui...

8.3 CVSS · 7.1 AI score · 0.00081 EPSS
Exploits 0 · References 7
OSV
added 2023/10/04 11:00 a.m. · 0 views

USN-6401-1 freerdp2 vulnerabilities

It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,...

9.8 CVSS · 6.9 AI score · 0.00378 EPSS
Exploits 10 · References 11
CNNVD
added 2023/10/02 12:00 a.m. · 1 view

mojoPortal Code Issue Vulnerability

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

9.8 CVSS · 7.7 AI score · 0.09375 EPSS
Exploits 1 · References 2
CNNVD
added 2023/10/02 12:00 a.m. · 2 views

mojoPortal Code Issue Vulnerability

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

9.8 CVSS · 7.7 AI score · 0.09375 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/09/29 12:00 a.m. · 1 view

PT-2023-28273 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

5.5 CVSS · 7.2 AI score · 0.0059 EPSS
Exploits 0 · References 4
NVD
added 2023/09/27 11:15 p.m. · 10 views

CVE-2023-41448

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component...

6.1 CVSS · 6.4 AI score · 0.00798 EPSS
Exploits 1 · References 3
CNNVD
added 2023/09/20 12:00 a.m. · 1 view

Telstra Smart Modem Code Issue Vulnerability

Telstra Smart Modem is a smart modem from Telstra. A security vulnerability exists in Telstra Smart Modem Gen 2 firmware prior to version 0.18.15r, which originates from a vulnerability that could allow an authenticated attacker to alter the firmware or configuration on the device and execute cod...

9.8 CVSS · 7 AI score · 0.04132 EPSS
Exploits 1 · References 2
NVD
added 2023/09/19 10:15 a.m. · 11 views

CVE-2023-32184

An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...

7.8 CVSS · 7.6 AI score · 0.00089 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2023/09/14 12:00 a.m. · 55 views

Siemens JT2Go < 14.3.0.1 Multiple Vulnerabilities (SSA-278349)

The version of Siemens JT2Go installed on the remote Windows hosts is prior to 14.3.0.1. It is, therefore, affected by multiple vulnerabilities: - A stack-based buffer overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of...

7.8 CVSS · 8.1 AI score · 0.00085 EPSS
Exploits 0 · References 8
CNVD
added 2023/09/14 12:00 a.m. · 17 views

Siemens Teamcenter Visualization and JT2Go Type Obfuscation Vulnerability

Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. Siemens JT2GO is a JT file viewer. A type confusion vulnerability exists in Siemens Teamcenter Visualization and JT2Go, which can be exploited by an attacker to execute code in the...

7.8 CVSS · 7.1 AI score · 0.00085 EPSS
Exploits 0 · References 1
NCSC
added 2023/09/14 12:00 a.m. · 1 view

Vulnerabilities fixed in Adobe Connect

Adobe has fixed vulnerabilities in Connect. A malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. Fo...

6.1 CVSS · 6.7 AI score · 0.01071 EPSS
Exploits 0
CNVD
added 2023/09/14 12:00 a.m. · 18 views

Siemens Teamcenter Visualization and JT2Go Heap Buffer Overflow Vulnerability (CNVD-2023-69809)

Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. Siemens JT2GO is a JT file viewer. A heap buffer overflow vulnerability exists in Siemens Teamcenter Visualization and JT2Go, which can be exploited by an attacker to execute code ...

7.8 CVSS · 7.6 AI score · 0.00071 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/09/09 12:00 a.m. · 46 views

Ubuntu 22.04 LTS / 23.04 : Linux kernel vulnerabilities (USN-6338-2)

The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6338-2 advisory. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

9.8 CVSS · 7.4 AI score · 0.00142 EPSS
Exploits 0 · References 12
CNNVD
added 2023/08/30 12:00 a.m. · 1 view

Splunk Access Control Error Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...

8.8 CVSS · 8.4 AI score · 0.00113 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/08/28 12:00 a.m. · 14 views

CVE-2023-40857

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component...

7.3 AI score · 0.02511 EPSS
Exploits 1 · References 1
OSV
added 2023/08/23 8:15 p.m. · 0 views

CVE-2022-3742

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation...

6.7 CVSS · 6.3 AI score
Exploits 0 · References 1
NVD
added 2023/08/22 7:16 p.m. · 14 views

CVE-2022-36648

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been disputed by multiple third...

10 CVSS · 9.6 AI score · 0.01499 EPSS
Exploits 0 · References 2
Cvelist
added 2023/08/22 12:00 a.m. · 25 views

CVE-2022-36648

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been disputed by multiple third...

9.8 AI score · 0.01499 EPSS
Exploits 0 · References 2