Siemens Desigo CC 操作系统命令注入漏洞

Siemens Desigo CC is an open building management platform from Siemens, Germany.GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform.Operation Scheduler is a tool that enables security...

XeroSecurity Sn1per 安全漏洞

XeroSecurity Sn1per is a persistent attack surface management ASM platform. A security vulnerability exists in XeroSecurity Sn1per version 9.0 that stems from an application execution with insecure permissions set 0777 that allows an unprivileged user to modify the application, modules and...

Vulnerability fixed in Apple iOS, iPadOS and macOS

A vulnerability has been fixed in iOS, iPadOS and macOS. A malicious party could potentially exploit the vulnerability to execute arbitrary code under root privileges. Apple indicates that this vulnerability may be actively abused being exploited. Apple has released updates to fix the...

Fortinet FortiManager和Fortinet FortiAnalyzer 资源管理错误漏洞

Fortinet FortiManager and Fortinet FortiAnalyzer are both products from Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains...

The vulnerability of the cmd_subsys.php component of the Nagios Fusion software, a visualization tool for IT infrastructure monitoring, allows a attacker to escalate their privileges or execute arbitrary code with root rights.

The vulnerability of the cmdsubsys.php component of the Nagios Fusion software, a visualization tool for IT infrastructure monitoring, is related to the lack of measures for cleaning input data. Exploiting this vulnerability can allow an attacker to increase their privileges or execute arbitrary...

Vulnerabilities fixed in the linux kernel

Canonical has fixed a number of vulnerabilities in the Linux kernel. The vulnerabilities allow an authenticated malicious person able to cause a denial-of-service, or potentially execute arbitrary code with root privileges. The vulnerabilities are known to be exploitable only locally or through...

CVE-2021-1538

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...

CVE-2021-22908

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default...

CVE-2021-1509

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1511

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...

PT-2021-5238 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R11.4 Description: A buffer overflow issue exists, allowing a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room data. This can be exploited ...

Heap overflow

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length...

NETGEAR R7000 缓冲区错误漏洞

Netgear NETGEAR R7000 is a wireless router from Netgear, Inc. A security vulnerability exists in the NETGEAR R7000 in 1.0.11.116, which stems from a failure of the network system or product to properly filter special elements of the code segment during external input data construction. An attacke...

CVE-2021-27252

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendorspecific DHCP opcode. The...

D-Link DAP-2020 安全漏洞

The D-Link DAP-2020 is a WiFi range extender from D-Link, a Taiwan-based company.TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A command injection vulnerability exists in D-Link DAP-2020...

Vulnerabilities fixed in Red Hat OpenShift container platform

Red Hat has released version 4.7.5 of its OpenShift Container Platform. A malicious party could potentially exploit them to cause a denial-of-service or execute arbitrary execute arbitrary code with root privileges. -= Red Hat =- Red Hat has made updates available for OpenShift Container Platform...

CVE-2021-27245

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...

CVE-2021-27239

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on...

TP-Link Archer A7 安全漏洞

Tp-link TP-Link Archer A7 is a wireless router from China P&L Tp-link. A security vulnerability exists in the TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers, which stems from a failure to properly filter IPv6 SSH connections. An attacker could exploit the...

CVE-2020-28695

CVE-2020-28695 affects Askey Fiber Router RTF3505VW-N1, and related models, enabling remote code execution and extraction of admin credentials to log into the Dashboard or SSH as root. The CVE entry describes an unauthenticated path resulting in full device compromise (CVE-2020-28695). Connected ...