4202 matches found

hivepro
added 2023/09/22 5:19 a.m. · 44 views

GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability

Summary: The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition (EE). This vulnerability is significant as it enables an attacker to execute pipelines as another...

7.5 CVSS · 7 AI score · 0.08263 EPSS
Exploits: 1

GithubExploit
added 2023/09/20 2:32 a.m. · 221 views

Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36844 - The "Remote Code Execution in Juniper JunOS...

9.8 CVSS · 8.3 AI score · 0.89628 EPSS
Exploits: 9

Debian CVE
added 2023/09/20 12:0 a.m. · 13 views

CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the nutenteagg parameter at /hoteldruid/interconnessioni.php...

9.8 CVSS · 9.8 AI score · 0.03753 EPSS
Exploits: 1

CNVD
added 2023/09/18 12:0 a.m. · 24 views

SiYuan Notes Software Web App is a privacy-first personal knowledge management system that supports full offline use as well as end-to-end encrypted synchronization. Yunnan ChainDrop Technology Co., Ltd. has an XSS vulnerability in the Siyuan Notes Software Web application, which can be exploited by attackers to obtain sensitive information such as user cookies.

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. A code execution vulnerability exists in Apache Airflow HDFS Provider, which stems...

7.8 CVSS · 7.9 AI score · 0.0046 EPSS
Exploits: 0 · References: 1

CNVD
added 2023/09/18 12:0 a.m. · 10 views

Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co.

Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of Fuji...

7.6 AI score
Exploits: 0

OSV
added 2023/09/15 6:37 p.m. · 34 views

CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5 CVSS · 6.4 AI score · 0.01006 EPSS
Exploits: 1 · References: 8

Vulnrichment
added 2023/09/12 4:58 p.m. · 24 views

CVE-2023-36742 Visual Studio Code Remote Code Execution Vulnerability

...

7.8 CVSS · 6.9 AI score · 0.01206 EPSS
Exploits: 0 · References: 1

Microsoft KB
added 2023/09/12 7:0 a.m. · 43 views

September 12, 2023-KB5030181 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11, version 21H2

Release Date: September 12, 2023. Version: .NET Framework 3.5, 4.8 and 4.8.1. Summary: This article describes the security and Cumulative Update for 3.5, 4.8 and 4.8.1 for Windows 11,...

7.8 CVSS · 8.6 AI score · 0.01441 EPSS
Exploits: 0

Positive Technologies
added 2023/09/08 12:0 a.m. · 3 views

PT-2023-28234 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

5.5 CVSS · 4 AI score · 0.00391 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2023/09/07 1:12 p.m. · 5 views

CVE-2022-30638 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Illustrator versions 26.0.2 and earlier and 25.4.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8 CVSS · 7.7 AI score · 0.00402 EPSS
Exploits: 0 · References: 1

CNVD
added 2023/09/05 12:0 a.m. · 2 views

NETGEAR R6400v2 Code Execution Vulnerability

The NETGEAR R6400v2 is a router from NETGEAR, a hardware device that connects two or more networks and acts as a gateway between networks. The NETGEAR R6400v2 suffers from a code execution vulnerability that stems from the program's failure to properly filter special elements that construct code...

9.8 CVSS · 9.6 AI score · 0.00944 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/09/01 12:0 a.m. · 3 views

NETGEAR R6400v2 Security Vulnerability

The NETGEAR R6400v2 is a router from NETGEAR, a hardware device that connects two or more networks and acts as a gateway between networks. The NETGEAR R6400v2 suffers from a code execution vulnerability that stems from the program's failure to properly filter special elements that construct code...

9.8 CVSS · 8 AI score · 0.00944 EPSS
Exploits: 0 · References: 2

OSV
added 2023/08/31 10:31 p.m. · 10 views

USN-6331-1 linux-azure vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). (CVE-2020-36691) Billy Jheng Bing Jhong discovered that the CIFS network...

7.8 CVSS · 7 AI score · 0.05794 EPSS
Exploits: 4 · References: 22

NVD
added 2023/08/30 10:15 p.m. · 9 views

CVE-2023-39138

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file...

7.8 CVSS · 7.6 AI score · 0.00379 EPSS
Exploits: 1 · References: 4

NVD
added 2023/08/30 5:15 p.m. · 13 views

CVE-2023-40838

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'sub3A1D0' contains a command execution vulnerability...

9.8 CVSS · 9.7 AI score · 0.0105 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2023/08/30 12:0 a.m. · 12 views

CVE-2023-40838

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'sub3A1D0' contains a command execution vulnerability...

7.2 AI score · 0.0105 EPSS
Exploits: 1 · References: 1

Cvelist
added 2023/08/30 12:0 a.m. · 16 views

CVE-2023-40837

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'subADD50' contains a command execution vulnerability. The "formSetIptv" function obtains the "list" and "vlanId" fields and passes them unfiltered as parameters to the "subADD50" function to execute commands...

9.9 AI score · 0.00836 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2023/08/30 12:0 a.m. · 26 views

Security Update for Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML...

9.8 CVSS · 9.2 AI score · 0.02391 EPSS
Exploits: 0 · References: 2

CNVD
added 2023/08/24 12:0 a.m. · 3 views

TOTOLINK X5000R setLanguageCfg Function Code Execution Vulnerability

TOTOLINK X5000R is a wireless router from TOTOLINK that supports Wi-Fi 6 technology with full coverage Mesh system and dual band transmission. The TOTOLINK X5000R suffers from a code execution vulnerability that stems from the lang parameter of the setLanguageCfg function failing to properly filt...

9.8 CVSS · 8.2 AI score · 0.01391 EPSS
Exploits: 1 · References: 1

CNNVD
added 2023/08/23 12:0 a.m. · 5 views

WinRAR Security Vulnerability

WinRAR is a shareware program for managing zip files. A code execution vulnerability exists in WinRAR that can be exploited by an attacker to execute arbitrary code when a user attempts to view benign files in a ZIP archive...

7.8 CVSS · 8 AI score · 0.97798 EPSS
Exploits: 49 · References: 7