4202 matches found
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability
...
CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...
SUSE-SU-2022:4642-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. -...
CVE-2022-43601
Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability...
CVE-2022-41838
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
Command Execution Vulnerability in Vehicle Monitoring Platform of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IoT solution provider and operation service provider. A command execution vulnerability exists in the in-vehicle monitoring platform of Zhejiang Dahua Technology Co., Ltd., which can be exploited by an attacker to...
CVE-2022-46875
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 108, Firefox ESR 102.6, and...
CVE-2022-34483
The issue is CVE-2022-34483 affecting Firefox prior to version 102. A user engaging via drag-and-drop of an image to a filesystem could have resulted in a filename containing an executable extension, potentially leading to execution of malicious code. The Astra Linux advisories corroborate that F...
CVE-2022-45338
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...
Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87979)
An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...
Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.19.49472, Platform Build 16.0.49350)
Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.19.49472, Platform Build 16.0.49350). Note: The build number of this update is incremented by 2. Overview: This update replaces previously released updates. You should always install the latest update...
Command Execution Vulnerability in Mingguo Security Gateway of Hangzhou ACE Information Technology Co. Ltd (CNVD-2023-03898)
MingGuard Security Gateway builds a next-generation security protection system with full-process defense and integrates traditional firewall, intrusion detection, intrusion prevention system, anti-virus gateway, Internet behavior control, VPN gateway, threat intelligence, and other security modul...
KLA20114 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...
KLA20115 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...
CVE-2022-45275
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-27442 · Unknown · Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0. Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew password parameter in the changepassword.php file. This enables the...
CVE-2022-41157 ERP solution Remote Code Execution Vulnerability
A specific file on the sERP server of KyungrinaraERP solution has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands...
Libarchive Code Execution Vulnerability
libarchive is a multi-format archive and compression library. A code execution vulnerability exists in libarchive version 3.6.1, which stems from a failure to check for errors after calling the calloc function, i.e., if the function fails, the calloc function returns a NULL pointer,...
D-Link DIR-823G Command Execution Vulnerability
D-Link DIR-823G is a wireless router from D-Link, a Chinese company. D-Link DIR-823G firmware version 1.02B05 contains a command execution vulnerability that stems from sub42383C's failure to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited...
CVE-2022-3088
CVE-2022-3088 concerns an execution with unnecessary privileges vulnerability (CWE-250) in Moxa ARM-based industrial computers. Affected devices include UC-8100A-ME-T, UC-2100, UC-2100-W, UC-3100, UC-5100, UC-8100 (and UC-8100-ME-T), UC-8200, AIG-300, UC-8410A with Debian 9, UC-8580 with Debian 9...