350 matches found

NVD
added 2021/10/18 9:15 p.m., 11 views

CVE-2021-41152

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions, by manipulating the HTTP request, an attacker can modify the path of a requested file download in the folder component to point to anywhere o...

CVSS 7.7, EPSS 0.0054
Exploits: 0, References: 3

CNVD
added 2021/10/13 12:0 a.m., 20 views

Huawei FusionCompute Product Command Injection Vulnerability

Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager (VRM) and Compute Node Agent (CNA), etc. A command injection vulnerability exists in the Huawei FusionCompute product, which stems from incorrect input validation in the CMA servi...

CVSS 9, AI score 2.8, EPSS 0.00643
Exploits: 0, Affected Software: 1

Zero Day Initiative
added 2021/09/16 12:0 a.m., 47 views

Microsoft Windows Update Agent Directory Junction Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update...

CVSS 7, AI score 5.7, EPSS 0.00241
Exploits: 0, References: 1

CNNVD
added 2021/09/10 12:0 a.m., 3 views

jscom RevoWorks Browser Security Vulnerability

J's Communication RevoWorks Browser is a web browser from J's Communication Japan. A security vulnerability exists in jscom RevoWorks Browser that could allow a remote attacker to execute arbitrary code on the target system...

CVSS 9.3, AI score 8.8, EPSS 0.00313
Exploits: 0, References: 4

Redos
added 2021/09/08 12:0 a.m., 29 views

ROS-2-714

2.714 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

CVSS 8.8, AI score 9.2, EPSS 0.00365
Exploits: 0

Github Security Blog
added 2021/08/25 2:48 p.m., 63 views

XStream can cause a Denial of Service

Impact: The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

CVSS 6.5, AI score 7.3, EPSS 0.00138
Exploits: 1, References: 13, Affected Software: 1

Prion
added 2021/08/24 12:15 p.m., 8 views

Remote code execution

The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution...

CVSS 10, AI score 9.7, EPSS 0.08945
Exploits: 1, References: 2, Affected Software: 1

Debian CVE
added 2021/08/23 6:15 p.m., 20 views

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

CVSS 6.5, AI score 7.4, EPSS 0.00138
Exploits: 1

NVD
added 2021/08/06 3:15 p.m., 10 views

CVE-2021-26606

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...

CVSS 10, EPSS 0.00485
Exploits: 0, References: 1

Prion
added 2021/08/06 3:15 p.m., 35 views

Authorization

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...

CVSS 10, AI score 9.6, EPSS 0.00485
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/08/05 9:15 p.m., 10 views

Input validation

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...

CVSS 9.3, AI score 8.8, EPSS 0.00436
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2021/08/05 12:0 a.m., 17 views

Fortinet FortiSandbox Buffer Overflow Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet, a US-based company. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting, etc. The Fortinet FortiSandbox is vulnerable to a buff...

CVSS 8.8, AI score 5.3, EPSS 0.00525
Exploits: 0, References: 1

CNVD
added 2021/07/29 12:0 a.m., 24 views

Foxit PDF Reader has a use-after-release vulnerability

Foxit PDF Reader is a PDF reader. Foxit PDF Reader is vulnerable to a use-after-free flaw that could be used by remote attackers to execute arbitrary code on the target system...

CVSS 8.8, AI score 6.1, EPSS 0.00864
Exploits: 1, References: 1

CNVD
added 2021/07/29 12:0 a.m., 32 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...

CVSS 6.8, AI score 5.7, EPSS 0.00864
Exploits: 1, Affected Software: 1

CNNVD
added 2021/06/21 12:0 a.m., 1 views

Nvidia NVIDIA MB2 Buffer Error Vulnerability

Nvidia NVIDIA MB2 is a component of Nvidia Corporation, USA. A security vulnerability exists in NVIDIA MB2 that stems from a boot loader containing a vulnerability in NVIDIA MB2, where a potential heap overflow could result in heap metadata corruption. An attacker can exploit the vulnerability to...

CVSS 7.8, AI score 8.1, EPSS 0.00079
Exploits: 0, References: 2

CNVD
added 2021/06/07 12:0 a.m., 19 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2021-54699)

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code on the target system...

CVSS 8.8, AI score 6.1, EPSS 0.00407
Exploits: 0, References: 1

Veracode
added 2021/05/28 1:4 p.m., 21 views

Arbitrary Code Execution

Chromium is vulnerable to arbitrary code execution. A boundary error within the ICU component in Google Chrome allows a remote attacker to trick a user into visiting a malicious webpage to exploit a double free error and execute arbitrary code on the target system...

CVSS 8.8, AI score 4.3, EPSS 0.00483
Exploits: 1, References: 7, Affected Software: 3

Cvelist
added 2021/04/29 4:31 p.m., 13 views

CVE-2021-31421

This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

CVSS 3.2, AI score 6.2, EPSS 0.00134
Exploits: 0, References: 2

UbuntuCve
added 2021/03/23 12:15 a.m., 28 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

CVSS 7.5, AI score 7, EPSS 0.302
Exploits: 1, References: 7

Cvelist
added 2021/02/04 7:36 p.m., 9 views

CVE-2021-25227

Trend Micro Antivirus for Mac 2021 Consumer is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

AI score 4.6, EPSS 0.00091
Exploits: 0, References: 2