This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-955: Sante PACS Server SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
ZDI-22-954: Centreon Virtual Metrics SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability.
ZDI-22-953: Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability.
Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
CVE-2014-8164
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.
CVE-2015-3172
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.
CVE-2015-3173
custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.
gnupg2-2.3.4-2.fc35
FEDORA-2022-1124e5882d
Packages in this update:
gnupg2-2.3.4-2.fc35
Update description:
Fix for CVE-2022-34903 (#2103242)
USN-5488-2: OpenSSL vulnerability
USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run.