NVD disclosure day

Published threat advisories for January 20, 2024

CVE advisoryCRITICAL

CVE-2023-51928

YonBIP Arbitrary File Upload Leads to Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An arbitrary file upload vulnerability in YonBIP's `ArcpUploadAction.doAction()` method allows unauthenticated attackers to upload crafted files, potentially leading to arbitrary code execution and system compromise. The platform is an enterprise business innovation tool.

CVE advisoryCRITICAL

CVE-2023-51892

Weaver e-cology Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in weaver e-cology's FrameworkShellController, enabling remote attackers to execute arbitrary code without authentication via a crafted script. This could potentially disrupt services or compromise system integrity, impacting enterprise collaboration and office automation.