1680 matches found

CNNVD
added 2022/05/10 12:0 a.m., 4 views

Adobe Framemaker buffer error vulnerability

Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A security vulnerability exists in Adobe Framemaker. The vulnerability originates from a network system or a...

5.5 CVSS, 6.6 AI score, 0.01661 EPSS
Exploits 0, References 4
CNNVD
added 2022/05/06 12:0 a.m., 3 views

HCL BigFix Platform security vulnerability

HCL BigFix Platform is an endpoint security management platform. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform. An attacker exploits the vulnerability to perform elevation of privilege...

7.8 CVSS, 7.4 AI score, 0.00333 EPSS
Exploits 1, References 3
CNVD
added 2022/04/28 12:0 a.m., 16 views

Beijing Netnifty Security Gateway has a weak password vulnerability

Beijing Netnifty Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products, and providing hierarchical overall security solutions and security profession...

1.5 AI score
Exploits 0
CNVD
added 2022/04/21 12:0 a.m., 15 views

WordPress permission check error vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. A permission checking error vulnerability exists in WordPress, which stems from the wp-admin/press-this.php script that...

4 CVSS, 1.7 AI score, 0.00691 EPSS
Exploits 0
FreeBSD
added 2022/04/19 12:0 a.m., 21 views

rainloop -- cross-site-scripting (XSS) vulnerability

Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...

5.4 CVSS, 0.9 AI score, 0.01015 EPSS
Exploits 1, References 2
CNVD
added 2022/04/15 12:0 a.m., 43 views

Microsoft Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Endpoint Configuration Manager. The vulnerability stems from an incorrect programmatic call to an advanced local...

7.8 CVSS, 8.2 AI score, 0.00818 EPSS
Exploits 0, References 1
CISA
added 2022/04/12 12:0 a.m., 10 views

Google Releases Security Updates for Chrome

Google has released Chrome version 100.0.4896.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update. Thi...

2.2 AI score
Exploits 0, References 1
CNNVD
added 2022/04/11 12:0 a.m., 2 views

Samsung SMR input validation error vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has an input validation error vulnerability that can be exploited by an attacker to initiate certain activities...

8.5 CVSS, 5.6 AI score, 0.00136 EPSS
Exploits 0, References 2
CNVD
added 2022/04/06 12:0 a.m., 6 views

Command Execution Vulnerability in TOTOLINK A3100R

The TOTOLINK A3100R is a wireless router. A command execution vulnerability exists in the TOTOLINK A3100R, which can be exploited by an attacker to gain control of the server...

7.5 AI score
Exploits 0
Vulnrichment
added 2022/04/01 10:17 p.m., 7 views

CVE-2021-32937 MDT AutoSave Generation of Error Message Containing Sensitive Information

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...

7.5 CVSS, 7.1 AI score, 0.01024 EPSS
Exploits 0, References 1
Prion
added 2022/03/25 11:15 a.m., 33 views

Design/Logic Flaw

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In mos...

5 CVSS, 5.3 AI score, 0.00553 EPSS
Exploits 0, References 1, Affected Software 1
CNVD
added 2022/03/14 12:0 a.m., 19 views

FreeTAKServer-UI has an unspecified vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team. FreeTAKServer-UI has a security vulnerability that could be exploited by an attacker to place arbitrary files anywhere on the system...

6.5 CVSS, 3.1 AI score, 0.00719 EPSS
Exploits 1, References 1
CNVD
added 2022/03/14 12:0 a.m., 14 views

FreeTAKServer-UI SQL Injection Vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team. FreeTAKServer-UI is vulnerable to SQL injection, which stems from the API endpoint /AuthenticateUser containing SQL injection into the SQLite3 database, which can be exploited by an attacker to obtain the database All...

6.5 CVSS, 2.7 AI score, 0.00855 EPSS
Exploits 1, References 1
CNVD
added 2022/03/08 12:0 a.m., 18 views

nbd buffer overflow vulnerability

nbd is a Linux kernel network block device tool used to access remote block devices over TCP/IP networks. nbd-server in nbd versions prior to 3.24 suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a parsing buffer overflow in the name field by sending a...

9.8 CVSS, 4.1 AI score, 0.0347 EPSS
Exploits 2, References 1
CNVD
added 2022/02/15 12:0 a.m., 19 views

Foxit PDF Reader and Foxit PDF Editor Stack Buffer Overflow Vulnerability

Foxit PDF Reader and Foxit PDF Editor are both products of Foxit China, a PDF reader and a PDF editor. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor due to a failure to effectively restrict memory boundaries when handling XFA. An attacker could exploit this vulnerabilit...

9.8 CVSS, 2.6 AI score, 0.11926 EPSS
Exploits 1, References 1
Veracode
added 2022/02/09 7:25 a.m., 10 views

Business Logic Errors

publifycore is vulnerable to business logic errors. The vulnerability exists in updateparams function of contentcontroller.rb because the password field present in the form is not accepted by the controller which allows an attacker to exploit this flaw since the article is always public...

7.5 CVSS, 4.1 AI score, 0.01542 EPSS
Exploits 1, References 5, Affected Software 1
CNNVD
added 2022/02/08 12:0 a.m., 2 views

Radareorg Radare2 buffer error vulnerability

radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 suffers from a buffer overflow vulnerability that stems from the product's failure to effectively determine memory boundaries, which could be exploited by an attacker to cause a buffer overflow...

7.1 CVSS, 6.2 AI score, 0.00939 EPSS
Exploits 1, References 6
CNNVD
added 2022/02/01 12:0 a.m., 2 views

Element Desktop resource management error vulnerability

Element Desktop is an open source Matrix client for the Element Web-centered desktop platform from Element. A resource management error vulnerability exists in Element Desktop that can be exploited by an attacker to specify the path to a binary file on the victim's computer...

8.8 CVSS, 7.9 AI score, 0.01413 EPSS
Exploits 0, References 3
Vulnrichment
added 2022/01/28 9:42 p.m., 4 views

CVE-2021-44379

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS, 7.7 AI score, 0.01128 EPSS
Exploits 1, References 1
OSV
added 2022/01/27 5:25 p.m., 1 views

USN-5064-2 cpio vulnerability

USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...

7.8 CVSS, 6.8 AI score, 0.0415 EPSS
Exploits 1, References 2