Command execution vulnerability in Damon Enterprise Manager (DEM) (CNVD-2023-69447)
Damon Enterprise Manager DEM is a centralized management platform that monitors, manages and maintains DM databases through a web interface. A command execution vulnerability exists in Damon Enterprise Manager DEM, which can be exploited by an attacker to gain control of the server...
PT-2023-9232
Name of the Vulnerable Software and Affected Versions: Rejetto HTTP File Server versions 2.3m and earlier. Description: The vulnerability is related to the improper neutralization of special elements used in a template engine, allowing a remote, unauthenticated attacker to execute arbitrary commands...
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LlamaIndex Injection Vulnerability
LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...
PT-2023-26673 · Harrison Chase · Langchain
Name of the Vulnerable Software and Affected Versions: Harrison Chase langchain versions 0.0.194 and before; Harrison Chase langchain versions prior to 0.0.236. Description: An issue in Harrison Chase langchain allows a remote attacker to execute arbitrary code via the from_math_prompt and from...
CVE-2021-25786
An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf...
Siemens Parasolid and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2023-62046)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing, and free-form surface/table modeling. Teamcenter Visualization enables organizations to enhance their product lifecycle management PLM environments with a range of comprehensiv...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2023-62032)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
Metabase Remote Code Execution Exploit
Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...
CVE-2023-38182 Microsoft Exchange Server Remote Code Execution Vulnerability
...
CVE-2023-38169 Microsoft SQL OLE DB Remote Code Execution Vulnerability
...
CVE-2023-35385 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
...
SUSE-SU-2023:3248-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability (bsc#1213128)...
SUSE-SU-2023:3246-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability (bsc#1213128)...
Triangle MicroWorks SCADA Data Gateway Code Execution Vulnerability
Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A code execution vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from a mal-execution issue in Extensions. An attacker could exploit this vulnerability to execute arbitrary code on a system or cause an application to crash...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is due to a use-after-free in WebRTC. An attacker can exploit the vulnerability to execute arbitrary code on a system or cause an application to crash...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
SUSE: Security Advisory (SUSE-SU-2023:2950-1)
The remote host is missing an update for the...
Design/Logic Flaw
An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code by supplying a crafted URL...