CVE-2021-46522
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53...
The vulnerability of Adobe Illustrator CC 2019’s graphic editor lies in its insecure method of searching for paths to DLL libraries. This allows attackers to escalate their privileges.
The vulnerability of Adobe Illustrator CC 2019 is related to an unsafe procedure for searching paths to DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...
Chaojicms cross-site scripting vulnerability
Chaojicms is a super Cms website management system. Chaoji CMS version 2.39 is vulnerable to a cross-site scripting vulnerability that allows attackers to execute arbitrary scripts via the getClientIp function in "/lib/tinwin.class.php"...
The vulnerability of the Cisco Packet Tracer network modeling tool for Windows operating systems stems from errors in the mechanism for checking the search path for dynamically loaded libraries. This allows a hacker to execute arbitrary code.
The vulnerability of the Cisco Packet Tracer network modeling tool for Windows operating systems is related to errors in the mechanism for checking the search path for dynamically loaded libraries. Exploiting this vulnerability can allow a hacker to execute arbitrary code...
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
DEBIAN-CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...
The vulnerability of the executable file UniFiVideo.exe of the Ubiquiti UniFi Video software allows an intruder to execute arbitrary code.
The vulnerability of the UniFiVideo.exe executable file of the Ubiquiti UniFi Video surveillance device software is related to errors in the mechanism for checking the search path for dynamically loaded libraries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Mozilla: Thunderbird might execute an alternative OTR library
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...
The vulnerability of the NVIDIA Control Panel driver for graphics processors such as NVIDIA GeForce, Quadro, NVS, and Tesla for Windows operating systems allows a malicious actor to trigger system failures, execute arbitrary code, or escalate their privileges.
The vulnerability of the NVIDIA Control Panel driver for graphics processors such as NVIDIA GeForce, Quadro, NVS, and Tesla for Windows operating systems is related to errors in checking the path from which dynamically loaded libraries are loaded. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to DLL library files, allows attackers to escalate their privileges.
The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries used by the embedded component. Exploiting this vulnerability can allow an attacker to increase their privileges...
PYSEC-2020-109
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
USN-4661-1 snapcraft vulnerability
It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...
UBUNTU-CVE-2020-27348
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to execute arbitrary code.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software is related to errors in the mechanism for checking the path to dynamically loaded libraries. Exploiting this vulnerability can allow an attacker to execute...
The vulnerability of the installation file of the Kaspersky Security Center Web Console allows a perpetrator to increase their privileges.
The vulnerability of the installation file of the Kaspersky Security Center Web Console relates to errors in the mechanism for checking the path to dynamically linked libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the installation file of the Kaspersky Anti-Ransomware Tool allows a perpetrator to increase their privileges.
The vulnerability of the installation file of the Kaspersky Anti-Ransomware Tool is related to errors in the mechanism for checking the path to dynamically linked libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the LD_LIBRARY_PATH environment variable in Apache OpenOffice’s office programs allows a hacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.
The vulnerability of the LD_LIBRARY_PATH environment variable in Apache OpenOffice applications is related to a lack of mechanisms for privilege control and access management. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential data, cause service failures,...
USN-4400-1 nfs-utils vulnerability
It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges...