378 matches found
NetApp Cloud Manager Arbitrary File Overwrite Vulnerability
NetApp Cloud Manager is a centralized system for viewing and managing local and cloud storage with support for hybrid, multi-cloud providers and accounts. An arbitrary file overwrite vulnerability exists in NetApp Cloud Manager prior to version 3.9.4. A remote attacker could exploit this...
CVE-2021-21193
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
NETGEAR JGS516PE/GS116Ev2 Arbitrary Data Write Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An arbitrary data write vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP firmware update mechanism not properly implementing firmware validation. A remote...
Google Chrome Referrer Misimplementation Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A Referrer improperly implemented vulnerability exists in versions of Google Chrome prior to 89.0.4389.72. A remote attacker can exploit the vulnerability to bypass...
EPrints Arbitrary File Read Vulnerability (CNVD-2021-14737)
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering a specially crafted LaTeX into cgi/latex2png?latex=...
Huawei eCNS280 Resource Management Error Vulnerability
Huawei eCNS280 is the core network equipment of Huawei's wireless broadband trunking system. In addition to providing the network functions of a traditional core network, it also virtualizes the functions of network elements and shares standardized hardware resources among multiple network elemen...
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerability (CNVD-2021-09935)
Cisco Smart Software Manager Satellite is software designed to provide intelligent management capabilities for licenses. A command injection vulnerability exists in the WEB UI of Cisco Smart Software Manager Satellite 5.1.0 and prior versions. The vulnerability stems from the program not properly...
Arbitrary File Read Vulnerability in InRouter900 Industrial Router from Johntons
The Johnton-InRouter900 series industrial router is a 4G industrial router. The InRouter900 Industrial Router suffers from an arbitrary file read vulnerability, which originates from the program failing to properly validate user data, and can be exploited by a remote attacker to read arbitrary...
Arbitrary File Deletion Vulnerability in InRouter900 Industrial Router from Johntons
The Johnton-InRouter900 series industrial router is a 4G industrial router. The InRouter900 Industrial Router suffers from an arbitrary file deletion vulnerability, which originates from the program failing to properly validate user data, and can be exploited by a remote attacker to delete...
Command Execution Vulnerability in the InRouter900 Industrial Router from Johnstone (CNVD-2021-10446)
The Johnton-InRouter900 series industrial router is a 4G industrial router. A command execution vulnerability exists in the InRouter900 Industrial Router. The vulnerability stems from the program's failure to properly validate user data and can be exploited by a remote attacker to execute arbitra...
Arbitrary File Deletion Vulnerability in the InRouter900 Industrial Router from Imagicom (CNVD-2021-10443)
The Johnton-InRouter900 series industrial router is a 4G industrial router. The InRouter900 Industrial Router suffers from an arbitrary file deletion vulnerability, which originates from the program failing to properly validate user data, and can be exploited by a remote attacker to delete...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2021-05523)
Cisco Firepower Management Center is the nerve center for managing Cisco network security solutions, improving the effectiveness of Cisco network security solutions by providing centralized, integrated, and simplified management. A stored cross-site scripting vulnerability exists in the Web...
Design/Logic Flaw
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Design/Logic Flaw
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Linux kernel llcp_sock_bind() Denial of Service Vulnerability
Linux kernel is an open source operating system. A security vulnerability exists in Linux kernel llcpsockbind, which can be exploited by remote attackers to submit a special request that can crash the system...
Design/Logic Flaw
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-15999
CVE-2020-15999 corresponds to a heap-based buffer overflow in FreeType that can be triggered by crafted font/PNG data, potentially via a malicious HTML page, affecting freetype usage in Google Chrome before 86.0.4240.111. Public advisories describe the issue as a heap overflow in Load_SBit_Png an...
Ubuntu 16.04 LTS : FlightGear vulnerability (USN-4588-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4588-1 advisory. It was discovered that FlightGear could write arbitrary files if received a special nasal script. A remote attacker could exploit this with a crafted file to...
CVE-2020-6556
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Atlassian Jira Server-Side Request Forgery Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A server-side request forgery vulnerability exists in Atlassian Jira versions prior to 8.7.0. A remote attacker can exploit this...