Panasonic Control FPWIN Pro 缓冲区错误漏洞

Panasonic Control FPWIN Pro is a programming software from Panasonic Corporation Japan. A security vulnerability exists in Panasonic Control FPWIN Pro 7.6.0.3 and prior versions, which stems from a memory corruption vulnerability that could allow execution of arbitrary code when opening specially...

SteelSeries GG 路径遍历漏洞

SteelSeries GG is an all-in-one gaming platform from Danish company SteelSeries. It bundles powerful gaming applications into an easy-to-use interface. A path traversal vulnerability exists in SteelSeries GG version 36.0.0, which can be exploited by an attacker to create a sub-application via an...

[SECURITY] Fedora 37 Update: redis-7.0.12-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVE-2023-22036

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Utility. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...

Oracle Java SE 安全漏洞

Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation.Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM is a set of on-the-fly compilers written in the Java language...

GHSA-H4VP-69R8-GVJG org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability

Impact Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to a possible privilege escalation from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code...

CVE-2023-32760

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication...

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

A new malware strain has been found covertly targeting small office/home office SOHO routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such...

Archer Platform 安全漏洞

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.13 that stems from a vulnerability that allows an authenticated attacker to gain access to sensitive information through API calls related to da...

Important: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVE-2023-36922

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

Design/Logic Flaw

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVE-2023-36922

The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...

CVE-2023-36922 OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

Important: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat...

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

OSNEXUS QuantaStor 操作系统命令注入漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...

PT-2023-36216 · Google +1 · Go +1

Name of the Vulnerable Software and Affected Versions: amazon-ecs-init affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.20. The update of amazon-ecs-init is intended to address this issue by rebuilding the package wi...

programming-techniques.com Cross Site Scripting vulnerability OBB-3477394

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...