2019 matches found
Netapp E-Series SANtricity OS Controller Software Security Vulnerability
Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from NetApp, Inc. A security vulnerability exists that could be exploited by a privileged attacker to execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2013:1807-1)
The remote host is missing an update for the...
Default credentials
A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an...
OpenText Brava! Desktop Untrusted Pointer Dereference Vulnerability
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An untrusted pointer dereference vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from failure to properly...
Schneider Electric homeLYnk and spaceLYnk Security Vulnerability
The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric, France. An input validation security vulnerability exists in the Schneider Electric spaceLYnk, which can be exploited by a remote attacker to submit a special request that can be used in the context of an...
RSA Archer Cross-Site Scripting Vulnerability
RSA Archer is an enterprise IT governance and compliance product from RSA UK, covering policy, risk and compliance definition and management. It can aggregate an enterprise's assets, as well as some of the monitored information, and organize it into a unified platform,...
Apple Boot Camp Buffer Error Vulnerability
Apple Boot Camp is an application from Apple USA, a utility program that comes with a Mac and allows switching between macOS and Windows. Apple Boot Camp suffers from a buffer error vulnerability that stems from a boundary error. A local user can run a specially crafted program to trigge...
Siemens Solid Edge Untrusted Pointer Dereference Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. An untrusted pointer dereference vulnerability exists in Siemens Solid Edge. The vulnerability is due to the application lacking proper validation of user-supplied data when parsing PRT files. An attacker can exploit the vulnerabili...
CVE-2020-23996
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data...
CVE-2021-31899
In JetBrains Code With Me bundled with the compatible IDEs before version 2021.1, the client could execute code in read-only mode...
CVE-2021-31446
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Parallels Desktop OTG Heap Buffer Overflow Vulnerability
Parallels Desktop is a virtual machine software that runs on Mac computers. A heap buffer overflow vulnerability exists in the Open Tools Gate component in Parallels Desktop version 15.1.5-47309. The vulnerability stems from a failure to properly validate the length of user-supplied data before...
CVE-2020-22790
CVE-2020-22790 is an authenticated stored XSS in Safe FME Server (2019.2 and 2020.0 Beta). The vulnerability arises from allowing an attacker to inject arbitrary script/HTML by modifying a user’s name, with the XSS triggered when an administrator views the logs. The affected product is Safe FME S...
CVE-2021-22678
Cscape (all versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process...
Valve Steam Buffer Overflow Vulnerability
Valve Steam is a suite of game distribution management platforms from Valve Corporation in the United States. The platform provides digital rights management, multiplayer, streaming, and social networking services. A buffer overflow vulnerability exists in Valve Steam version 2021-04-10 and earli...
Vulnerability fixed in x.org
A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to gain elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...
Parallels Desktop Toolgate Directory Traversal Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgat...
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files to execute arbitrary code with the permissions of the GitLab service. A CVE ID is not yet known for on...
Netgear NETGEAR Buffer Error Vulnerability
Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in the NETGEAR Nighthawk R7800 that could allow a network-adjacent attacker to execute arbitrary code on the...
CVE-2021-22505
Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent...