QNAP NAS 缓冲区错误漏洞

QNAP NAS is an accessible and fast storage solution from QNAP China. A security vulnerability exists in QNAP NAS that stems from a boundary error. A remote, unauthenticated attacker could send a specially crafted request to trigger a stack-based buffer overflow and execute arbitrary code on the...

Vulnerabilities fixed in Citrix Hypervisor

Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host and execute arbitrary code. Citrix has released updates to fix the vulnerabilities. More information ca...

CVE-2021-30717

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code...

CVE-2021-30784

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip...

CVE-2021-33015

Cscape All Versions prior to 9.90 SP5 lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-31338

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device...

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows a malicious party located within the victim's network is able to execute arbitrary code by providing a specially prepared image. Fortinet has released updates to fix the vulnerability. More information can be found on the page...

Adobe XMP Toolkit SDK Arbitrary Write Vulnerability

Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself.Adobe XMP Toolkit SDK 2020.1 and earlier versions are vulnerable to arbitrary writes. An attacker could exploit this vulnerability to execute arbitrary code...

openSUSE 15 Security Update : rpm (openSUSE-SU-2021:2682-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds...

SUSE SLED15 / SLES15 Security Update : rpm (SUSE-SU-2021:2682-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-boun...

Beckhoff Twincat Incorrect Default Permissions

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

Magento Commerce跨站脚本漏洞

Magento Commerce is to provide a first-class shopping experience without the need for developer support. Magento Commerce suffers from a cross-site scripting vulnerability that exists due to insufficient cleaning of user-supplied data. A remote attacker can exploit this vulnerability to inject an...

Design/Logic Flaw

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service DoS condition Execute arbitrary commands For more...

The vulnerability of the Adobe Photoshop CC graphic editor, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Photoshop CC graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

Vulnerabilities fixed in Adobe After Effects

Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to access gain access to system data, or execute arbitrary code with the application's permissions. To do this, the malicious party must trick the victim into opening a rogue file...

Medium: rpm

Issue Overview: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highes...

Siemens Jt2go and Siemens Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2021-53347)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of the German company Siemens. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds read vulnerability...

Siemens JT2Go and Teamcenter Visualization Post-Release Reuse Vulnerability

Siemens Jt2go is a JT file viewer.Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. A post-release reuse vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...

CVE-2021-34315

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an...

Default credentials

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an...