Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2023-24907: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#rce#auth#Microsoft PostScript Printer Driver#Security Vulnerability
CVE-2023-23415: Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.

CVE-2023-0628: Docker Desktop release notes

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.

Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up. Akuvox E11 is

CVE-2023-1350: Fix RCE vulnerability on feed enrichment · lwindolf/liferea@8d8b5b9

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.

CVE-2023-23328: vulnerabilities/README.md at master · superkojiman/vulnerabilities

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping

A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.

SugarCRM 12.x Remote Code Execution / Shell Upload

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2.

IceFire Ransomware Portends a Broader Shift From Windows to Linux

IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.

CVE-2023-1288: Dassault Systèmes Security Advisories

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.