CVE-2021-37166

A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...

CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation e.g., cryptographic signature validation during a File Upload for a firmware update...

CVE-2021-37161

CVE-2021-37161 describes a buffer overflow in the Swisslog Healthcare Nexus Panel’s HMI3 Control Panel (pre Nexus Software 7.2.5.7) that can overwrite an internal queue data structure and lead to remote code execution. The impact is high (network, no auth, no user interaction). Remediation: upgra...

CVE-2021-37165

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead t...

CVE-2021-37165

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead t...

CVE-2021-37165

Technical details about CVE-2021-37165 are not publicly available in the provided Connected documents. The initial description notes a buffer overflow enabling remote code execution in Nexus Panel software prior to 7.2.5.7, but no confirmed exploit or remediation is documented here.

CVE-2021-37165

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead t...

KLA12248 Microsoft Advisory (ESU) for Active Directory Certificate Services

Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Microsoft Products Extended Security Update.To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authenticati...

CVE-2021-1092

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of...

CVE-2021-1092

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of...

Design/Logic Flaw

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of...

CVE-2021-1092

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of...

CVE-2021-1092

CVE-2021-1092 affects the NVIDIA GPU Display Driver for Windows (NVIDIA Control Panel component). The vulnerability is a Windows file system symbolic link attack in the Control Panel that could allow an unprivileged local attacker to trigger the driver to overwrite privileged files, potentially c...

NVIDIA GPU Display Driver 后置链接漏洞

NVIDIA GPU Display Driver is a driver software from NVIDIA Corporation for interactive support of graphics card display modules in operating systems. NVIDIA GPU Display Driver for Windows suffers from a backlink vulnerability that originates from a symbolic link in the NVIDIA Control Panel...

PT-2021-3894

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description The issue is related to an information disclosure vulnerability in Microsoft Exchange Server, associated with weaknesses in the authentication procedure. This vulnerability...

Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities

New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numero...

VulnCheck KEV: CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

Thecus N4800Eco Nas Server Control Panel - Comand Injection Exploit

Exploit Title: Thecus N4800Eco Nas Server Control Panel - Comand Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: http://www.thecus.com/ Software Link: http://www.thecus.com/product.php?PRODID=83 Version: N4800Eco Description:...

Thecus N4800Eco Command Injection

Exploit Title: Thecus N4800Eco Nas Server Control Panel - Comand Injection Date: 01/06/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: http://www.thecus.com/ Software Link: http://www.thecus.com/product.php?PRODID=83 Version: N4800Eco Description:...

Thecus N4800Eco Nas Server Control Panel - Comand Injection

Exploit Title: Thecus N4800Eco Nas Server Control Panel - Comand Injection Date: 01/06/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: http://www.thecus.com/ Software Link: http://www.thecus.com/product.php?PRODID=83 Version: N4800Eco Description:...