PT-2021-3814 · Microsoft · Windows Remote Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Remote Desktop Client (affected versions not specified). Description: The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. This can give an attacker complete control over th...
AZL-6593 CVE-2021-38209 affecting package kernel for versions less than 5.10.78.1-1
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Spectrum Conductor with Spark 2.2.0 and 2.2.1. These issues were disclosed as part of the IBM Java SDK updates in April 2018...
Sunhillo SureLine Operating System Command Injection Vulnerability
Sunhillo SureLine is a surveillance product from Sunhillo, Inc. The Sunhillo SureLine application suffers from an operating system command injection vulnerability that could allow an attacker to execute arbitrary commands with root privileges, effectively taking control of the target system by...
KevinLAB BEMS 1.0 Undocumented Backdoor Account Vulnerability
KevinLAB BEMS version 1.0 has an undocumented backdoor account whose credentials are never exposed to the end user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with...
2021 CWE Top 25 Most Dangerous Software Weaknesses
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability...
Security Bulletin: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could affect IBM InfoSphere Optim Performance Manager (CVE-2017-10115, CVE-2017-10116)
Summary: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors, and allow an unauthenticated...
Insyde InsydeH2O has an unspecified vulnerability (CNVD-2022-10035)
Insyde H2OFFT is a set of tools for BIOS firmware development from Insyde Software Taiwan, China. Insyde InsydeH2O has a security vulnerability that could be exploited by attackers to gain control of the system via system administration mode privileges...
CISA Releases Advisory on ZOLL Defibrillator Dashboard
CISA has released an Industrial Controls Systems (ICS) Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
Microsoft Releases June 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2021 Security Update Summary and...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Microsoft Releases May 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2021 Security Update Summary and Deployme...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
CVE-2020-21997
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control...
Information disclosure
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control...
CVE-2020-21997
Smartwares HOME easy
Smartwares Home Easy Access Control Error Vulnerability
Smartwares Home Easy is an application from Smartwares USA. Comfortably control home devices from your iPhone or Android smartphone using a remote outlet. An access control error vulnerability exists in Smartwares HOME easy version 1.0.9 and prior versions, which stems from susceptibility to...
CVE-2021-21224
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Recent assessments: gwillcox-r7 at June 17, 2021 3:06pm UTC reported: According to...