5838 matches found
(0Day) Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Chikitsa Patient Management System Cross-Site Scripting Vulnerability
Chikitsa Patient Management System is an open source patient management application that is fast, responsive and easy to use. A security vulnerability exists in Chikitsa Patient Management System 2.0.0, which arises from a lack of proper validation of client-side data by the...
Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
UVI-2021-1001439 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.277 by commit...
Security Bulletin: A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 that exposes an input data validation attack.
Summary A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 that exposes an input data validation attack. Vulnerability Details CVEID: CVE-2021-20366 DESCRIPTION: IBM Cloud Pak for Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Adobe After Effects PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe After Effects JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
Adobe Character Animator PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...
The vulnerability of the software platform for conducting marketing campaigns in Adobe Campaign Classic arises from insufficient validation of input data. This allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Adobe Campaign Classic software platform for conducting marketing campaigns exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
NCH WebDictate Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in NCH WebDictate, a web-based dictation recording, editing, and management software, which stems from a failure of the product's Recipient Name field to properly validate user data, which could be exploited to add or modify affected fields...
MySQL InnoDB Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MySQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of InnoDB commands. The issue results from the lack of proper validation of the...
The vulnerability of Google Chrome’s V8 JavaScript engine’s script handlers, related to insufficient data validation, allows attackers to access sensitive information or cause service failures.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to insufficient validation of data authenticity. Exploiting this vulnerability allows a remote attacker to access confidential information or cause service failures...
The vulnerability of the Google Chrome browser’s URL component, related to security configuration errors, allows attackers to compromise data integrity.
The vulnerability of the Google Chrome browser’s URL component is related to insufficient data validation during formatting. Exploiting this vulnerability can allow an attacker to compromise the integrity of data...
The vulnerability of the Ceph storage system, related to insufficient validation of input data, allows attackers to compromise the integrity of the data.
The vulnerability of the Ceph storage system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of the data...
Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF...
Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Siemens JT2Go GIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF...
Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...