343 matches found

NVD
added 2023/06/19 5:15 a.m., 6 views

CVE-2023-30759

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an...

CVSS 8.4 | AI score 7.7 | EPSS 0.00058
Exploits 0 | References 3
OpenVAS
added 2023/06/07 12:0 a.m., 9 views

Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2023-2108)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.5 | EPSS 0.00184
Exploits 2 | References 2
Tenable Nessus
added 2023/06/07 12:0 a.m., 32 views

EulerOS Virtualization 2.11.0 : libXpm (EulerOS-SA-2023-2108)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

CVSS 8.8 | AI score 6.8 | EPSS 0.00184
Exploits 2 | References 4
Cvelist
added 2023/03/22 12:0 a.m., 18 views

CVE-2023-26358 Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability

Creative Cloud version 5.9.1 and earlier is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources...

CVSS 8.6 | AI score 8.7 | EPSS 0.00318
Exploits 0 | References 1
Tenable Nessus
added 2023/03/19 12:0 a.m., 20 views

EulerOS 2.0 SP10 : libXpm (EulerOS-SA-2023-1556)

According to the versions of the libXpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and c...

CVSS 8.8 | AI score 6.8 | EPSS 0.00184
Exploits 2 | References 4
SUSE CVE
added 2023/02/15 6:6 a.m., 2 views

SUSE CVE-2008-5027

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via (a) a custom form or (b) a browser addon...

CVSS 6.5 | AI score 7.1 | EPSS 0.00707
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 6:5 a.m., 1 views

SUSE CVE-2008-7002

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions,...

CVSS 7.2 | AI score 6.9 | EPSS 0.0005
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 5:59 a.m., 1 views

SUSE CVE-2010-1240

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PD...

CVSS 9.3 | AI score 6.6 | EPSS 0.91397
Exploits 7 | References 8
OSV
added 2023/02/13 5:15 a.m., 1 views

CVE-2022-48323

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

CVSS 9.8 | AI score 6
Exploits 0 | References 3
Rosalinux
added 2023/02/07 8:35 a.m., 34 views

Advisory ROSA-SA-2023-2096

Software: libXpm 3.5.12; OS: rosa-server79; packageevrstring: libXpm-3.5.12-1; CVE-ID: CVE-2022-4883; BDU-ID: 2023-00388; CVE-Crit: HIGH; CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...

CVSS 8.8 | AI score 8.8 | EPSS 0.00184
Exploits 0
Vulnrichment
added 2023/02/07 12:0 a.m., 7 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

AI score 8.8 | EPSS 0.00184
Exploits 0 | References 5
RedHat Linux
added 2023/01/23 6:2 p.m., 2 views

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8 | AI score 6.9 | EPSS 0.00184
Exploits 0 | References 5
OSV
added 2022/11/25 12:15 a.m., 0 views

CVE-2022-29827

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 3
Prion
added 2022/11/25 12:15 a.m., 20 views

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally...

CVSS 5 | AI score 7.8 | EPSS 0.005
Exploits 0 | References 3 | Affected Software 1
Prion
added 2022/11/25 12:15 a.m., 13 views

Design/Logic Flaw

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting (GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result,...

CVSS 5 | AI score 7.8 | EPSS 0.00134
Exploits 0 | References 3 | Affected Software 1
Prion
added 2022/11/25 12:15 a.m., 8 views

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally...

CVSS 5 | AI score 7.8 | EPSS 0.005
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2022/11/24 11:22 p.m., 13 views

CVE-2022-29826

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting (GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result,...

CVSS 6.8 | AI score 7.7 | EPSS 0.00134
Exploits 0 | References 3
CVE
added 2022/08/18 12:16 p.m., 45 views

CVE-2022-29549

CVE-2022-29549 affects Qualys Cloud Agent (Linux) 4.8.0-49. The issue arises because the agent executes programs by full pathnames without prior ownership/permission checks or integrity verification, enabling local privilege escalation if a non-root user controls any targeted path (e.g., /opt/fir...

CVSS 7.3 | AI score 7.3 | EPSS 0.00074
Exploits 0 | References 5 | Affected Software 1
Palo Alto Networks
added 2022/05/11 4:0 p.m., 56 views

Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all...

CVSS 6.7 | AI score 5.2 | EPSS 0.00037
Exploits 0 | References 1
ATTACKERKB
added 2022/04/15 9:15 p.m., 0 views

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVSS 8.8 | AI score 6.2 | EPSS 0.0113
Exploits 0 | References 4