The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.
A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.
There have been no reports of this vulnerability being exploited…
Two vulnerabilities were discovered in poppler, a PDF rendering library,
which could result in denial of service or the execution of arbitrary
code if a malformed PDF file or JBIG2 image is processed.
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability.
