ZDI-23-1524: (0Day) D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the...
ZDI-23-1525: (0Day) D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the...
ZDI-23-1526: (0Day) MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the...
ZDI-23-1495: A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. Read More
ZDI-23-1496: A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability
This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability....
ZDI-23-1497: Apple iTunes Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code...
ZDI-23-1498: Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that...
ZDI-23-1499: Cacti link Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is required to exploit this vulnerability. Read More
ZDI-23-1500: Cacti graph_view SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. Authentication is required to exploit this vulnerability when the...
cacti-1.2.25-1.el8 cacti-spine-1.2.25-1.el8
FEDORA-EPEL-2023-522c9cf128 Packages in this update: cacti-1.2.25-1.el8 cacti-spine-1.2.25-1.el8 Update description: Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25...