5838 matches found
Silverstripe SilverStripe Cross-Site Scripting Vulnerability
Silverstripe SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform use and other features. SilverStripe Framework version 4.8.1 and previous versions o...
Microsoft Project MPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Project. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Autodesk Design Review PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
WordPress Appointment Hour Booking Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. The WordPress Appointment Hour Booking plugin suffers fro...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. The WordPress Better Find and Replace plugin suffers from...
Booking Core Cross-Site Scripting Vulnerability
Booking Core is a Laravel-based booking system designed as an application for travel websites, shopping malls, travel agencies, tour operators, bed and breakfasts, villa rentals, resort rentals, and Make Travel websites. A cross-site scripting vulnerability exists in Booking Core. The vulnerabili...
Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Boston Scientific Zoom Latitude Programmer/Recorder/Monitor Model 3120 Data Forgery Vulnerability
The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is a portable cardiac rhythm management (CRM) programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is vulnerable to a data validation error that...
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soapblocktable file. The issue results from the lack ...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Recipe Card Blocks, which stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execu...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress Plugin GDPR/CCPA suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...
CVE-2021-1616
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the AL...
Design/Logic Flaw
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the AL...
CVE-2021-1616 Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the AL...
D-Link DIR-615 Buffer Overflow Vulnerability
The D-Link DIR-615 is a wireless router from D-Link, a Taiwan-based company. The security vulnerability in the D-Link DIR-615 stems from a network system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operatio...
Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the AL...
Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160
ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) - ELSCVE-844: CVE-2021-3573: Bluetooth: use...
PeerTube Cross-Site Scripting Vulnerability
PeerTube is a decentralized video sharing service platform. PeerTube has a cross-site scripting vulnerability in versions prior to v3.4.0, which stems from the application's lack of user input data validation and filtering of the data at the input location, and could be used by an attacker to...
OpenSIS Community Edition Cross-Site Scripting Vulnerability
OpenSIS Community Edition is a community edition of Alfresco Software's open source enterprise content management system. The system includes document management, office collaboration and other features. openSIS Community Edition in version 7.6 and earlier versions of the cross-site scripting...
CVE-2021-38406
Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process...