Default credentials
A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The Tiffloader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an...
Adobe Acrobat Resource Management Error Vulnerability
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is affected by a use-after-free vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2021-32538 ARTWARE CMS - Unrestricted Upload of File
A parameter of the ARTWARE CMS image upload function does not filter the type of uploaded files, which allows remote attackers to upload arbitrary files without logging in and then execute code without restriction...
Advisory ROSA-SA-2021-1828
Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...
Apple macOS AppleIntelKBLGraphics IOCTL 0x20006 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling ...
IBM Security Secret Server Buffer Error Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. IBM Security Secret Server suffers from a buffer overflow vulnerability tha...
Dell BIOSConnect feature Buffer Error Vulnerability
Dell BIOSConnect is a base platform from Dell USA that enables the BIOS to connect to Dell's HTTP backend and load images via the HTTP method. A buffer error vulnerability exists in the Dell BIOSConnect feature that allows a malicious administrator user with local access to the system to run...
Autodesk Design Review Resource Management Error Vulnerability
Autodesk Design Review (ADR) is a companion application for AutoCAD drawing software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. Autodesk Design Review is vulnerable to a resource management error that could be...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...
Ec-cube cross-site scripting vulnerability (CNVD-2021-46277)
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...
CVE-2021-32948
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK All versions prior to 2022.4 resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-servic...
CVE-2021-31486
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2021-26995
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code...
Netapp E-Series SANtricity OS Controller Software Security Vulnerability
Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from NetApp, Inc. A security vulnerability exists that could be exploited by a privileged attacker to execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2013:1807-1)
The remote host is missing an update for the...
Default credentials
A vulnerability has been identified in Simcenter Femap 2020.2 All versions V2020.2.MP3, Simcenter Femap 2021.1 All versions V2021.1.MP3. The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an...
OpenText Brava! Desktop Untrusted Pointer Dereference Vulnerability
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An untrusted pointer dereference vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from failure to properly...
RSA Archer Cross-Site Scripting Vulnerability
RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...
Schneider Electric homeLYnk and spaceLYnk Security Vulnerability
The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric, France. An input validation security vulnerability exists in the Schneider Electric spaceLYnk, which can be exploited by a remote attacker to submit a special request that can be used in the context of an...
Siemens Solid Edge Untrusted Pointer Dereference Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. An untrusted pointer dereference vulnerability exists in Siemens Solid Edge. The vulnerability is due to the application lacking proper validation of user-supplied data when parsing PRT files. An attacker can exploit the vulnerabili...