6839 matches found
FastStone Image Viewer Buffer Error Vulnerability
FastStone Image Viewer is a free image viewing, converting and editing tool. A security vulnerability exists in FSViewer.exe in FastStone Image Viewer 7.5 and earlier versions. An attacker can exploit this vulnerability via a malformed CUR file to cause a denial of service or code execution...
CVE-2021-21518
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges...
Design/Logic Flaw
A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...
[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload
HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors...
CVE-2021-26293
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
Directory traversal
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
CVE-2021-26293
CVE-2021-26293 affects AfterLogic Aurora and WebMail Pro (DAV enabled). The vulnerability stems from directory traversal in the WebDAV handling (DAVServer.php/DAV/Server.php) that allows creating files under the web root, enabling potential remote code execution via uploaded files. Severity is hi...
Xerox AltaLink Encryption Issue Vulnerability
Xerox AltaLink is a hardware device from the American company Xerox. It provides print and copy functions. A security vulnerability exists in Xerox AltaLink, which arises from unencrypted portions of the drive that contain executable code. The following products and versions are affected: O...
The vulnerability of the FactoryTalk Linx automation system’s software, related to deficiencies in handling exceptional states, allows a perpetrator to complete the RSLinxNG.exe process.
The vulnerability of the FactoryTalk Linx automation system’s software is related to deficiencies in handling exceptional states. Exploiting this vulnerability could allow a malicious actor to successfully execute the RSLinxNG.exe process by sending a specially crafted ConfigureItems message via...
D-Link DAP-1860 Remote Code Execution Vulnerability (CNVD-2022-38539)
The D-Link DAP-1860 is a WiFi range extender from D-Link, a Taiwan-based company. A remote code execution vulnerability exists in the D-Link DAP-1860, which stems from a network system or product that does not properly filter external input data during the construction of executable commands, and...
Fedora 32 : radare2 (2021-e3c95619c1)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-e3c95619c1 advisory. - radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_nam...
Sytech XL Reporter Permissions and Access Control Issue Vulnerability
Sytech XL Reporter is a software application from Sytech Corporation. It provides all the powerful features of Excel such as charting, formatting and formulas, as well as XLReporter's industry-specific features to generate excellent reports. A local elevation of privilege vulnerability exists in...
CVE-2021-20443
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality such as a library from a source that is outside of the intended control sphere. IBM X-Force ID: 196619...
Code injection
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality such as a library from a source that is outside of the intended control sphere. IBM X-Force ID: 196619...
CVE-2021-20443
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality such as a library from a source that is outside of the intended control sphere. IBM X-Force ID: 196619...
Advantech WebAccess/SCADA Local Elevation of Privilege Vulnerability (CNVD-2021-11304)
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...
CVE-2020-13551
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...
CVE-2020-13551
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...
Privilege escalation
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...
IBM Maximo for Civil Infrastructure Security Vulnerability
IBM Maximo Anywhere is a suite of next-generation mobile solutions from IBM USA built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management, a comprehensive asset lifecycle and maintenance management solution, workflow and asset management via mobile...