CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

CVE-2021-25227

Trend Micro Antivirus for Mac 2021 Consumer is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Microsoft Windows AppX Deployment Service Directory Junction Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

Microsoft Word 安全漏洞

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute code on the target host...

Design/Logic Flaw

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

Microsoft Windows and Windows Server Information Disclosure Vulnerability (CNVD-2021-71945)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows and Windows Server are vulnerable to an information disclosure vulnerability that stems...

Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71412)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows and Windows Server. The vulnerability ste...

Microsoft Windows Routing Utilities Denial of Service Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in Microsoft Windows Routing Utilities, which ste...

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68740)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

CVE-2020-24558

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execut...

CVE-2020-24558

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execut...

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65601)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

Microsoft Graphics Components Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...

Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-67490)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

CVE-2019-20792

A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attacker to exploit this vulnerability by inserting and removing a malicious smart card, handled by the coolkey driver, that could potentially execute code on the target system,...

Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability (CNVD-2020-33802)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Graphics Device Interface GDI is one of the graphic device interfaces. An...

Windows Denial of Service Vulnerability

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a...

Microsoft Graphics Components Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...

Updated ruby-json packages fix security vulnerability

Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...