An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters.

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit  https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.

Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.

Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.

Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges

A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.