Lucene search
7648 matches found

CNVD
added 2022/09/14 12:0 a.m. | 21 views

Siemens Simcenter Femap and Parasolid Out-of-Bounds Writing Vulnerability (CNVD-2022-62986)

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling. Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

CVSS 7.8 | AI score 2.2 | EPSS 0.00241
Exploits: 0 | References: 1

Zero Day Initiative
added 2022/09/14 12:0 a.m. | 26 views

(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XB...

CVSS 7.8 | AI score 6.3 | EPSS 0.00551
Exploits: 0

CNNVD
added 2022/09/13 12:0 a.m. | 4 views

Siemens Parasolid Buffer Error Vulnerability

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling. Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

CVSS 7.8 | AI score 7.5 | EPSS 0.00241
Exploits: 0 | References: 4

OpenVAS
added 2022/09/12 12:0 a.m. | 13 views

Slackware: Security Advisory (SSA:2022-252-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.6 | EPSS 0.00458
Exploits: 1 | References: 2

OSV
added 2022/09/08 12:15 a.m. | 5 views

CVE-2022-37778

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the currenttime parameter of the time function...

CVSS 7.2 | AI score 5.9
Exploits: 0 | References: 1

OpenVAS
added 2022/09/08 12:0 a.m. | 170 views

Slackware: Security Advisory (SSA:2022-250-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.1 | EPSS 0.03213
Exploits: 0 | References: 3

Positive Technologies
added 2022/09/07 12:0 a.m. | 5 views

PT-2022-23490 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE Description: The issue is caused by a buffer overflow vulnerability due to the use of strcpy in the function at address 0x869f4 within the httpd binary. Recommendations: For Tenda G3 version ...

CVSS 9.8 | AI score 9.5 | EPSS 0.00785
Exploits: 0 | References: 3

Positive Technologies
added 2022/09/07 12:0 a.m. | 6 views

PT-2022-24067 · Phicomm · Phicomm Fir303B A2 +3

Name of the Vulnerable Software and Affected Versions: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers version V3.0.1.17 Description: A remote command execution issue was discovered, which can be exploited via the current time parameter of the time function. Recommendations: For...

CVSS 7.2 | AI score 7.1 | EPSS 0.01732
Exploits: 1 | References: 2

Slackware Linux
added 2022/09/06 8:44 p.m. | 25 views

[slackware-security] vim

New vim packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.0.0396-i586-1slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see:...

CVSS 7.8 | AI score 0.3 | EPSS 0.00464
Exploits: 1

Positive Technologies
added 2022/09/05 12:0 a.m. | 3 views

PT-2022-25017 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith versions through 1.7.14 Description: The issue allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget. This can be used to perform Denial of Service (DoS) attacks or...

CVSS 8.9 | AI score 8.8 | EPSS 0.00877
Exploits: 1 | References: 7

CNNVD
added 2022/09/05 12:0 a.m. | 3 views

Appsmith Cross-Site Scripting Vulnerability

Appsmith is an open source platform from Appsmith Open Source for building, deploying and maintaining internal applications. A security vulnerability exists in Appsmith version 1.7.14, which originates from server-side JavaScript injection and allows remote attackers to execute arbitrary JavaScri...

CVSS 8.9 | AI score 8.6 | EPSS 0.00877
Exploits: 1 | References: 3

OpenVAS
added 2022/09/02 12:0 a.m. | 29 views

Slackware: Security Advisory (SSA:2022-244-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.1 | EPSS 0.75994
Exploits: 2 | References: 4

Slackware Linux
added 2022/09/01 8:5 p.m. | 47 views

[slackware-security] poppler

New poppler packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/poppler-21.12.0-i586-2slack15.0.txz: Rebuilt. PATCH JBIG2Stream: Fix crash on broken file. For more information, see:...

CVSS 7.8 | AI score 0.2 | EPSS 0.75994
Exploits: 2

Slackware Linux
added 2022/09/01 3:9 a.m. | 42 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.85.0-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: control code in cookie denial of...

CVSS 3.7 | AI score 6.5 | EPSS 0.01788
Exploits: 1

Code423n4
added 2022/09/01 12:0 a.m. | 9 views

Cushion bond markets are opened at wall price rather than current price

Lines of code. Vulnerability details. Impact: Incorrect initial bond market price. Proof of Concept: `uint256 initialPrice = range.wall.high.price.mulDiv(bondScale, oracleScale);` `uint256 initialPrice = invWallPrice.mulDiv(bondScale, oracleScale);` In the above lines the initial prices are set to the wall...

AI score 6.8
Exploits: 0

OSV
added 2022/08/26 4:15 p.m. | 1 views

DEBIAN-CVE-2021-3864

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a...

CVSS 7 | AI score 7.3 | EPSS 0.00726
Exploits: 1 | References: 1

OpenVAS
added 2022/08/26 12:0 a.m. | 23 views

Slackware: Security Advisory (SSA:2022-237-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.8 | EPSS 0.00501
Exploits: 2 | References: 2

BDU FSTEC
added 2022/08/26 12:0 a.m. | 4 views

The vulnerability of the OctoPrint 3D-printer controller relates to the unsafe management of privileges, allowing a malicious actor to change the account password without knowing the current password.

The vulnerability of the OctoPrint 3D-printer controller is related to insecure management of privileges. Exploiting this vulnerability allows a hacker to change the account password without knowing the current password...

CVSS 5.3 | AI score 6.2 | EPSS 0.00334
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/08/25 4:15 p.m. | 3 views

CVE-2022-37238

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter...

CVSS 5.4 | AI score 5.8 | EPSS 0.00464
Exploits: 1 | References: 2

Zero Day Initiative
added 2022/08/25 12:0 a.m. | 19 views

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 4.4 | EPSS 0.0029
Exploits: 0 | References: 1