CVE-2021-38454

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...

CVE-2021-38460

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...

IR615 Router authorization issue vulnerability

The IR615 Router is a 4G industrial router from Rimu Technologies of China. The IR615 Router is vulnerable to an authorization issue that could be exploited by an attacker to take full control of the product and execute code on the internal network to which the product is connected...

Information disclosure

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the...

CVE-2021-34775

Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database...

Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-40708

Adobe Genuine Service versions 7.3 and earlier are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this...

VMWare vCenter Server Arbitrary File Upload (CVE-2021-22005)

An arbitrary file upload vulnerability exists in VMWare vCenter Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

VMware vCenter Server File Upload Vulnerability

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file...

FAAD2 Heap Buffer Overflow Vulnerability

Freeware Advanced Audio Decoder 2 FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder licensed under the GPLv2 license. ltprediction function in ltpredict.c in FAAD2 2.10.0 and earlier versions is vulnerable to a heap buffer overflow vulnerability. An attacker could exploit this vulnerability t...

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics...

VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Xiaomi AX3600 Buffer Overflow Vulnerability

Xiaomi AX3600 is a router. Xiaomi AX3600 is vulnerable to a buffer error vulnerability that exists in librsa.so called by the getWifiPwdUrl interface. An attacker could exploit the vulnerability to execute code...

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of a number of Dell products. These vulnerabilities allow a local malicious person to able to access sensitive information and execute execute arbitrary code. Dell has released updates to fix the vulnerabilities. More information can be found on the pag...

CVE-2021-39275

An out-of-bounds write in function apescapequotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. Mitigation Mitigation for this issue is either no...

UReport Arbitrary File Creation Vulnerability

UReport is a high-performance pure Java reporting engine based on the Spring architecture. ureport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

vim post-release reuse vulnerability (CNVD-2021-99302)

Vim is a powerful and highly customizable text editor, an improved version of vi that improves upon and adds many features to Vi. vim version 8.2.3425 is vulnerable to a post-release reuse vulnerability. An attacker could exploit this vulnerability to execute code...

Siemens STAR-CCM+ Viewer Out-of-Bounds Write Vulnerability

Simcenter STAR-CCM+ is a multi-physics computational fluid dynamics CFD software used to simulate products operating under real-world conditions. An out-of-bounds write vulnerability exists in Siemens STAR-CCM+ Viewer, which can be exploited by an attacker to execute code in the context of the...

Delta Electronics DOPSoft 2 Out-of-Bounds Write Vulnerability

Delta Electronics DOPSoft is a set of human-machine interface HMI software from Delta Electronics in Taiwan, China. An out-of-bounds write vulnerability exists in Delta Electronics DOPSoft 2, which can be exploited by an attacker to execute code in the context of the current process...