256 matches found
KLA74034 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Web Authenticatio...
KLA73521 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in V8 ca...
CVE-2023-46870
extcap/nrfsnifferble.py, extcap/nrfsnifferble.sh, extcap/SnifferAPI/.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts...
MGASA-2024-0154 Updated libarchive packages fix security vulnerability
Remote Code Execution Vulnerability. CVE-2024-26256...
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface, obtain sensitive information, perform cross-site scripting attack. Below is a...
D-Link DIR-845L Code Execution Vulnerability
The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A code execution vulnerability exists in D-Link DIR-845L v1.01KRb03 and earlier versions, which stems from the soapcgimain function failing to correctly filter the special elements of the constructor snippet in the cgibin binary...
CVE-2024-25713
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the poolfree function lacks loop checks. poolfree is part of the pool series allocator, along with poolmalloc and poolrealloc...
CVE-2023-36778 Microsoft Exchange Server Remote Code Execution Vulnerability
...
PT-2023-26841 · Tp Link · Archer C5 +1
Name of the Vulnerable Software and Affected Versions: Archer C5 versions all Archer C7 versions prior to Archer C7JP V2 230602 Description: The issue allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, and therefore, the...
CVE-2023-38208 Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated...
PT-2023-36422 · Gnu +2 · Linux +2
A vulnerability in the drm mode setcrtc function of the drivers/gpu/drm/drm crtc.c module of the DRM driver in the Linux operating system kernel is caused by access to uninitialized dynamic memory. Exploitation of the vulnerability could allow an attacker to affect the integrity and availability of information and execute...
CVE-2023-26360 Adobe ColdFusion Improper Access Control Arbitrary code execution
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2022-41326
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application...
CVE-2022-33189
An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...
PT-2022-6076 · Fortinet · Fortitester
Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 3.9.1 FortiTester versions 4.0.0 through 4.2.0 FortiTester versions 7.0.0 through 7.1.0 Description: The issue exists due to the failure to neutralize special elements used in an OS command, allowing an...
CVE-2022-37881
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
Use-After-Free
connman is vulnerable to use-after-free. A WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to an application crash or code execution...
Mozilla Firefox ESR Security Advisory (MFSA2022-30) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities.
CVE-2022-24783 Sandbox bypass leading to arbitrary code execution in Deno
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 inclusive are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This...
KLA12448 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, spoof user interface. Below is a complete list of...