Vulnerability fixed in Artifex Ghostscript
Artifex has fixed a vulnerability in Ghostscript. The vulnerability allows an unauthenticated malicious person to execute arbitrary code under the privileges of Ghostscript. To do this, the malicious party must trick the victim into opening a malicious document. Artifex has release...
Vulnerability fixed in Cisco IP Phone
A vulnerability has been fixed in Cisco IP Phone. The vulnerability allows a malicious person with physical access to the device to execute arbitrary code with elevated permissions. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...
CVE-2021-21574
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions...
ClamAV Code Issue Vulnerability
ClamAV (Clam AntiVirus) is a free and open source antivirus program from the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. ClamAV Windows suffers from a code issue vulnerability that can be exploited by an attacker who can create a malicious DLL ...
Mozilla Firefox Memory Corruption Code Execution Vulnerability
Mozilla Firefox is an open source web browser. A memory corruption vulnerability exists in Mozilla Firefox, which can be exploited by a remote attacker to submit a specially crafted web request and trick the user into parsing it, which can cause the application to crash or execute arbitrary code ...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open source web browser. A memory corruption vulnerability exists in Mozilla Firefox, which can be exploited by a remote attacker to submit a specially crafted web request and trick the user into parsing it, which can cause the application to crash or execute arbitrary code ...
Microsoft Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio. An attacker could exploit t...
qt: files placed by attacker can influence the working directory and lead to malicious code execution
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access...
Oracle Linux 7 : pcp (ELSA-2020-3869)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3869 advisory. 4.3.2-12 - Fix pcp-atop dynamic memory initialization issues BZ 1818710 4.3.2-8 - Fix rpm %post privilege escalation CVEs BZs 1815249, 1815528 - Resolv...
CVE-2020-1556
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...
Microsoft Windows Speech Brokered API Elevation of Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...
Command Execution Vulnerability in Flush Cloud
Flush Cloud is a stock analysis and trading software launched by Zhejiang Nuclear New Flush Network Information Co. Flush Cloud Computing suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
USN-4317-1 firefox vulnerabilities
Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code...
Command Execution Vulnerability in SDCMS-B2C Mall Web Management System
SDCMS-B2C mall website management system is a marketing mall management system that combines many functions such as city substation, cloud storage, micro letter distribution, micro letter public number, combination package, gift, multi-person group and so on. SDCMS-B2C Mall Website Management...
WordPress sharebar plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sharebar is a plugin used to add social sharing buttons to blogs. A cross-site scripting vulnerability exists in the WordPress shareba...
PT-2019-3051 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An elevation of privilege issue exists due to the way the wcmsvc.dll handles objects in memory. This could allow an attacker to execute code with elevated permissions by running a specially...
PT-2019-2920 · Microsoft · Windows Server 2012 +7
Name of the Vulnerable Software and Affected Versions: Remote Desktop Services versions prior to the fixed version, including Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions...
KaiOS Gecko Component Denial of Service Vulnerability in Nokia 8810 4G Devices
The Nokia 8810 4G is a generation of banana model phones. A security vulnerability exists in the Gecko component of KaiOS version 2.5 10.05 on Nokia 8810 4G devices. The vulnerability can be exploited by an attacker to execute code or cause a denial of service with the help of a specially crafted...
PT-2018-14844 · Ethereumjs · Ethereumjs-Vm
Name of the Vulnerable Software and Affected Versions: ethereumjs-vm version 2.4.0 Description: The issue allows attackers to cause a denial of service, leading to vm.runCode failure and REVERT, via a code attribute set to Buffer.from(my_code, 'hex'). It's worth noting that the vendor disputes this...
glusterfs: glusterfs server exploitable via symlinks to relative paths
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...