Security Bulletin: NVIDIA GPU Display Driver - April 2021

NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, and information disclosure. To protect your system, download and install this software update through the NVIDIA...

openSUSE: Security Advisory for chromium (openSUSE-SU-2021:0392-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Chromium: CVE-2021-21208 Insufficient data validation in QR scanner

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Adobe Bridge HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

Adobe Bridge TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Integer overflow

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

(0Day) Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

(0Day) Microsoft Print 3D PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Siemens Solid Edge PAR File Stack Buffer Overflow Vulnerability

Siemens Solid Edge is a 3D CAD software. The software can be used in the industries of part design, assembly design, sheet metal design, welding design, and so on. A stack buffer overflow vulnerability exists in the Siemens Solid Edge PAR file heap. The vulnerability is due to a lack of proper...

Siemens Solid Edge PAR File Out-of-Bounds Write Vulnerability

Siemens Solid Edge is a 3D CAD software. The software can be used in the industries of part design, assembly design, sheet metal design, welding design, and so on. An out-of-bounds write vulnerability exists in Siemens Solid Edge PAR files. The vulnerability is due to a lack of proper validation ...

Cisco Unified Communications Manager Authorization Bypass Vulnerability

Cisco Unified Communications Manager is the powerful call processing component of the Cisco Unified Communications solution. It is a scalable, distributable, and highly available enterprise Voice over IP call processing solution.Cisco Unified Communications Manager Session Management Edition is t...

CloudBees Jenkins Data Validation Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

Debian: Security Advisory (DSA-4886-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4886-1 : chromium - security update

Several vulnerabilites have been discovered in the chromium web browser. - CVE-2021-21159 Khalil Zhani discovered a buffer overflow issue in the tab implementation. - CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio. - CVE-2021-21161 Khalil Zhani discovered a buffer...

[SECURITY] [DSA 4886-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4886-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 06, 2021 https://www.debian.org/security/faq -...

The vulnerability of the graphical component of the Qualcomm Android operating system allows a hacker to execute arbitrary code.

The vulnerability of the graphical component of the Qualcomm Android operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a hacker to execute arbitrary code using an application installed on the device...

Google Chrome 86.0.4240 V8 - Remote Code Execution

Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution Exploit Author: r4j0x00 Version: 87.0.4280.88 Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE:...

Phoenix Contact Automationworx XML File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Dave Rolsky Data-Validate-IP 代码问题漏洞

Data-Validate-IP is an open source application by Dave Rolsky. Provides IPv4 and IPv6 validation methods. Data-Validate-IP version before 0.29 has a security vulnerability that can be exploited by attackers to bypass IP address-based access control...

Code injection

An issue was discovered in the Linux kernel before 5.11.11. tipcnlretrievekey in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8...