
4202 matches found

Vulnrichment
added 2023/04/04 12:00 a.m. · 5 views

CVE-2023-0265

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers...

AI score 9 · EPSS 0.01601
Exploits 1 · References 2
Positive Technologies
added 2023/04/03 12:00 a.m. · 5 views

PT-2023-2236 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in permission assignment for files, which can allow a remote attacker to execute arbitrary...

CVSS 9 · AI score 8.7 · EPSS 0.22179
Exploits 0 · References 5
Positive Technologies
added 2023/04/03 12:00 a.m. · 6 views

PT-2023-2233 · Hitachi Vantara · Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in input data processing during code syntax analysis. Exploitation of this issue may allow a...

CVSS 9 · AI score 8.6 · EPSS 0.26633
Exploits 0 · References 5
Vulnrichment
added 2023/03/29 12:00 a.m. · 10 views

CVE-2022-3210

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by defaul...

CVSS 8.8 · AI score 8.9 · EPSS 0.01091
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 14 views

CVE-2022-37357

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8 · AI score 7.8 · EPSS 0.0077
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 8 views

CVE-2022-37365

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs...

CVSS 7.8 · AI score 7.8 · EPSS 0.00728
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 8 views

CVE-2022-43647

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue...

CVSS 8.8 · AI score 8.8 · EPSS 0.00962
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 9 views

CVE-2022-43619

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 6.8 · AI score 6.9 · EPSS 0.01014
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 7 views

CVE-2022-43646

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP...

CVSS 8.8 · AI score 8.8 · EPSS 0.00962
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 6 views

CVE-2022-43623

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 6.8 · AI score 6.9 · EPSS 0.01085
Exploits 0 · References 2
Cvelist
added 2023/03/28 12:00 a.m. · 19 views

CVE-2023-25880 ZDI-CAN-19412: Adobe Dimension GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 7.9 · EPSS 0.0032
Exploits 0 · References 1
Cvelist
added 2023/03/27 12:00 a.m. · 17 views

CVE-2023-25871 Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 7.9 · EPSS 0.00379
Exploits 0 · References 1
CVE
added 2023/03/24 12:00 a.m. · 50 views

CVE-2023-23149

CVE-2023-23149 affects DEK-1705 devices with firmware 34.23.1 and earlier. Root cause: command execution vulnerability in the DEK-1705 firmware. Impact is high across confidentiality, integrity, and availability (CVSS v3.1: 9.8; Network access, no authentication, no user interaction). Remediation...

CVSS 9.8 · AI score 9.5 · EPSS 0.00914
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/03/23 7:22 p.m. · 11 views

CVE-2023-25654 baserCMS File Uploader Remote Code Execution (RCE) vulnerability

baserCMS is a content management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch...

CVSS 9.8 · AI score 9.7 · EPSS 0.01533
Exploits 0 · References 5
CNVD
added 2023/03/23 12:00 a.m. · 1 view

NETGEAR Orbi Satellite RBS750 ubus backend communication function command execution vulnerability

The NETGEAR Orbi Satellite RBS750 is a professional-grade tri-band satellite router from NETGEAR. The NETGEAR Orbi Satellite RBS750 suffers from a command execution vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the ubus back-e...

CVSS 7.2 · AI score 7.8 · EPSS 0.01987
Exploits 1 · References 1
Vulnrichment
added 2023/03/21 5:41 p.m. · 9 views

CVE-2022-37337

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1 · AI score 9.3 · EPSS 0.02828
Exploits 1 · References 2
Positive Technologies
added 2023/03/21 12:00 a.m. · 7 views

PT-2023-2000 · NetGear · Netgear Orbi Router Rbr750

Name of the Vulnerable Software and Affected Versions: Netgear Orbi Router RBR750 version 4.6.8.5 Description: A command execution issue exists in the hidden telnet service functionality. This can be exploited by sending a specially-crafted network request, potentially allowing an attacker to...

CVSS 9 · AI score 8.8 · EPSS 0.02089
Exploits 1 · References 11
Talos
added 2023/03/21 12:00 a.m. · 55 views

Netgear Orbi Satellite RBS750 ubus backend communications command execution vulnerability

Talos Vulnerability Report TALOS-2022-1597 Netgear Orbi Satellite RBS750 ubus backend communications command execution vulnerability March 21, 2023 CVE Number CVE-2022-36429 SUMMARY A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite...

CVSS 7.2 · AI score 7.4 · EPSS 0.01987
Exploits 1
ALT Linux
added 2023/03/18 12:00 a.m. · 43 views

Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.32-alt1

3.1.32-alt1 built March 18, 2023 Vitaly Lipatov in task 316692 March 12, 2023 Vitaly Lipatov - .NET Core 3.1.32 and .NET Core SDK 3.1.426 releases - CVE-2022-41089: .NET Remote Code Execution Vulnerability - CVE-2022-41032: .NET Elevation of Privilege Vulnerability - CVE-2022-38013: .NET Denial o...

AI score 7.5 · EPSS 0.02992
Exploits 0
CNVD
added 2023/03/17 12:00 a.m. · 7 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-31291)

Adobe Dimension is a set of 2D and 3D composite design tools from the US company Adobe. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

CVSS 7.8 · AI score 6.9 · EPSS 0.0032
Exploits 0 · References 1