Lucene search

6680 matches found

CNVD
added 2021/08/19 12:0 a.m. · 19 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64084)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

8.8 CVSS · 2.4 AI score · 0.01703 EPSS
Exploits 1 · References 1
Fedora
added 2021/08/18 1:12 a.m. · 18 views

[SECURITY] Fedora 34 Update: libtpms-0.8.4-2.20210624gita594c4692a.fc34.0

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

7.4 AI score
Exploits 0
OSV
added 2021/08/17 3:15 p.m. · 20 views

CVE-2021-25957

In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...

8.8 CVSS · 6.8 AI score · 0.01058 EPSS
Exploits 0 · References 2
OSV
added 2021/08/17 10:6 a.m. · 8 views

OPENSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 bsc1188846 - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld...

7.5 CVSS · 7.1 AI score · 0.1956 EPSS
Exploits 0 · References 12
Talos
added 2021/08/17 12:0 a.m. · 95 views

Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability

Summary A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Daemon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Disc Soft...

9.8 CVSS · 9.3 AI score · 0.01153 EPSS
Exploits 1
Cvelist
added 2021/08/16 1:53 p.m. · 16 views

CVE-2021-38756

Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through prescribe.php...

6.2 AI score · 0.00717 EPSS
Exploits 1 · References 1
Cvelist
added 2021/08/12 5:10 p.m. · 36 views

CVE-2021-32809 Arbitrary HTML injection vulnerability in ckeditor

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...

4.6 CVSS · 6.6 AI score · 0.01188 EPSS
Exploits 0 · References 6
Cvelist
added 2021/08/12 4:25 p.m. · 49 views

CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

7.6 CVSS · 6.8 AI score · 0.01192 EPSS
Exploits 0 · References 7
OSV
added 2021/08/11 1:15 p.m. · 34 views

CVE-2020-28589

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8 CVSS · 7.1 AI score
Exploits 0 · References 1
NVD
added 2021/08/11 1:15 p.m. · 16 views

CVE-2020-28589

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.6 CVSS · 0.0188 EPSS
Exploits 1 · References 1
UbuntuCve
added 2021/08/11 1:15 p.m. · 16 views

CVE-2020-28589

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.6 CVSS · 7.2 AI score · 0.0188 EPSS
Exploits 1 · References 2
Prion
added 2021/08/11 1:15 p.m. · 11 views

Input validation

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8 CVSS · 8.7 AI score · 0.0188 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2021/08/11 12:37 p.m. · 52 views

CVE-2020-28589

CVE-2020-28589 affects tinyobjloader, specifically the LoadObj functionality in v2.0-rc1 and the development commit 79d4421. Affected component/function/file: LoadObj; root cause: improper array index validation. Impact per sources: could lead to code execution upon processing a specially crafted...

9.6 CVSS · 8.7 AI score · 0.0188 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/08/11 12:37 p.m. · 19 views

CVE-2020-28589

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.6 CVSS · 8.7 AI score · 0.0188 EPSS
Exploits 1 · References 1
Microsoft KB
added 2021/08/10 7:0 a.m. · 35 views

Service Update 0.30 for Microsoft Dynamics 365 9.0

Service Update 0.30 for Microsoft Dynamics 365 9.0 Dynamics 365 Introduction Service Update 9.0.30 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.30. More information Update package| Version Numb...

5.4 CVSS · 5.8 AI score · 0.0095 EPSS
Exploits 0
Tenable Nessus
added 2021/08/10 12:0 a.m. · 45 views

Beckhoff Twincat Exposure of Sensitive Information to an Unauthorized Actor

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less tha...

5 CVSS · 0.8 AI score · 0.01014 EPSS
Exploits 0 · References 2
Typo3
added 2021/08/10 12:0 a.m. · 39 views

Cross-Site Scripting via Rich-Text Content

Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...

4.3 CVSS · 2.3 AI score · 0.00727 EPSS
Exploits 0 · Affected Software 1
ThreatPost
added 2021/08/05 2:16 p.m. · 65 views

Black Hat: Charming Kitten Leaves More Paw Prints

LAS VEGAS – The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. The latest: a custom Android backdoor dubbed “LittleLooter” – used exclusively by the threat actor, as far as...

6.6 AI score
Exploits 0 · References 20
Positive Technologies
added 2021/08/05 12:0 a.m. · 5 views

PT-2021-14788 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: An OS Command Injection issue exists in the ping.php script functionality. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request...

10 CVSS · 9.6 AI score · 0.69631 EPSS
Exploits 1 · References 4
Microsoft KB
added 2021/08/04 12:0 a.m. · 12 views

September 14, 2021 Security Update (KB5005567)

September 14, 2021 Security Update KB5005567 Improvements and fixes This security update includes quality improvements. Key changes include: This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. For more...

6.9 AI score
Exploits 0