4202 matches found
CVE-2023-46408
TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function...
CVE-2023-46409
TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function...
PT-2023-26329 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue in SuperWebMailer allows Remote Code Execution via a crafted sendmail command line. Recommendations: For SuperWebMailer version 9.00.0.01710, consider restricting access to the sendmai...
CVE-2023-45677 Heap buffer out of bounds write in start_decoder in stb_vorbis
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memor...
CVE-2023-35986 Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-35184 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service, resulting in remote code execution...
SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenClientUpdateFile method. The issue results from the lack of...
RHEL 8 : python-reportlab (RHSA-2023:5788)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5788 advisory. Python-reportlab is a library used for generation of PDF documents. Security Fixes: python-reportlab: code injection in paraparser.py allows code...
D-Link DAP-X1860 Code Execution Vulnerability
The D-Link DAP-X1860 is a wireless router from China-based AUO D-Link. The D-Link DAP-X1860 suffers from a code execution vulnerability that stems from an application's failure to properly filter special elements of constructed code segments. An attacker could exploit this vulnerability to execut...
SUSE-SU-2023:4048-1 Security update for python-reportlab
This update for python-reportlab fixes the following issues: - CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input (bsc#1215560)...
CVE-2023-36785
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2023-36583 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
...
CVE-2023-36591 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
...
SUSE-SU-2023:4041-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859)...
CVE-2023-44087
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. Th...
PT-2023-6143 · Siemens · Tecnomatix Plant Simulation
Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0009; Tecnomatix Plant Simulation versions prior to V2302.0003. Description: The issue is related to an out of bounds write past the end of an allocated buffer while parsing a specially crafte...
CVE-2023-30736
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required...
Debian DSA-5512-1 : exim4 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5512 advisory. Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticato...
Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2023-87982)
The electronic document security management system is a system for secure sharing of electronic documents under controllable authorization, using real-time dynamic encryption and decryption protection technology and a real-time rights recovery mechanism, to provide all kinds of electronic documents...
CVE-2023-35002
A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...