#rce

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms.

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image.

Numbas versions prior to 7.3 suffer from a remote code execution vulnerability.

Sitecore version 8.2 suffers from a remote code execution vulnerability.

Akaunting versions 3.1.3 and below suffer from a remote command execution vulnerability.

pgAdmin 4 uses a file-based session management approach. The session files are saved on disk as pickle objects. When a user performs a request, the value of the session cookie 'pga4_session' is used to retrieve the file, then its content is deserialised, and finally its signature verified. The cookie value is split in 2 parts at the first '!' character. The first part is the session ID (sid), while the second is the session digest. The vulnerability lies in versions of pgAdmin prior to 8.4 where a method loads session files by concatenating the sessions folder - located inside the pgAdmin 4 DATA_DIR - with the session ID. Precisely, the two values are concatenated using the ['os.path.join'] function. It does not set a trusted base-path which should not be escaped

remote code execution in paddlepaddle/paddle 2.6.0

Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.