Lucene search

314 matches found

NCSC
added 2022/02/14 12:0 a.m., 4 views

Vulnerability fixed in Adobe Magento

Adobe has fixed a vulnerability in Magento. A malicious party could potentially exploit the vulnerability without authentication to execute arbitrary code under the privileges of the application. Adobe indicates that targeted exploits have been observed on Adobe Commerce...

CVSS 10, AI score 7.8, EPSS 0.99199
Exploits 5

NCSC
added 2022/01/19 12:0 a.m., 2 views

Vulnerability fixed in Oracle Health Sciences Applications

Oracle has fixed a vulnerability in the following products: Thesaurus Management System Clinical Health Sciences Clinical Development Analytics Argus Safety Argus Insight Argus Analytics Health Sciences InForm CRF Submit Argus Mart ...

CVSS 8.3, AI score 7.3, EPSS 0.025
Exploits 5

CNNVD
added 2021/12/20 12:0 a.m., 5 views

ZOHO ManageEngine ServiceDesk Plus authorization issue vulnerability

ZOHO ManageEngine ServiceDesk Plus (SDP) is ITIL-based IT service management software from ZOHO, a United States company. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management module...

CVSS 9.8, AI score 9.1, EPSS 0.06478
Exploits 0, References 2

CNNVD
added 2021/10/01 12:0 a.m., 3 views

Corel Pdf Fusion buffer error vulnerability

Corel PDF Fusion is a commercial all-in-one PDF creator from the Canadian company Corel, used for assembling, editing and creating PDFs. A security vulnerability exists in Corel PDF Fusion 2.6.2.0, which originates from a buffer error in Coreip.dll when parsing a carefully crafted file,...

CVSS 9.3, AI score 8, EPSS 0.03024
Exploits 0, References 3

CNNVD
added 2021/09/30 12:0 a.m., 3 views

Corel WordPerfect 2020 buffer error vulnerability

Corel WordPerfect 2020 is a commercial word processing tool from the Canadian company Corel. A buffer error vulnerability in IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 can be exploited by an unauthenticated attacker to execute arbitrary code...

CVSS 9.3, AI score 8, EPSS 0.02266
Exploits 0, References 4

NCSC
added 2021/09/24 12:0 a.m., 3 views

Vulnerability fixed in OpenVPN Access Server

The vulnerability allows an unauthenticated malicious party to execute arbitrary code in the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...

CVSS 6.1, AI score 7.6, EPSS 0.00722
Exploits 0

NCSC
added 2021/09/24 12:0 a.m., 2 views

Fixed vulnerability in Big-IP Access Policy Manager (APM).

The vulnerability allows an unauthenticated malicious party to execute arbitrary code in the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. BIG-IP has released updates to fix the vulnerability. More information can be...

CVSS 6.1, AI score 7.6, EPSS 0.00562
Exploits 0

Cvelist
added 2021/09/14 10:47 a.m., 17 views

CVE-2021-37181

A vulnerability has been identified in Cerberus DMS V4.0 All versions, Cerberus DMS V4.1 All versions, Cerberus DMS V4.2 All versions, Cerberus DMS V5.0 All versions v5.0 QU1, Desigo CC Compact V4.0 All versions, Desigo CC Compact V4.1 All versions, Desigo CC Compact V4.2 All versions, Desigo CC...

AI score 9.6, EPSS 0.01829
Exploits 0, References 1

OSV
added 2021/08/30 7:15 a.m., 1 view

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...

CVSS 9.8, AI score 7.5, EPSS 0.99999
Exploits 45, References 3

CNNVD
added 2021/08/05 12:0 a.m., 2 views

Acronis True Image authorization issue vulnerability

Acronis True Image is well-known data backup and restore software from the Singapore company Acronis. The software can be used to create drive and disk images and can restore the image when a clean system is needed. A security vulnerability exists in Acronis True Image 2021 Update 4 and earlier versions for...

CVSS 7.8, AI score 7.9, EPSS 0.00236
Exploits 0, References 3

BDU FSTEC
added 2021/06/01 12:0 a.m., 4 views

A vulnerability in the signature verification functions (GOST DSA, EdDSA, and ECDSA) of the Nettle library, due to deficiencies in the cryptographic algorithms used, allows an unauthenticated attacker to execute arbitrary code.

The vulnerability in the signature verification functions GOST DSA, EdDSA, and ECDSA of the Nettle library is related to shortcomings of the cryptographic algorithms used. Exploiting this vulnerability could allow an attacker to execute arbitrary code by submitting invalid signatures...

CVSS 8.1, AI score 7, EPSS 0.01607
Exploits 0, References 13, Affected Software 7

Positive Technologies
added 2021/05/05 12:0 a.m., 3 views

PT-2021-2987 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified)
Description: The issue is related to multiple vulnerabilities in the Cisco SD-WAN vManage Software, which could allow an unauthenticated, remote attacker to execute arbitrary code ...

CVSS 9.8, AI score 9.3, EPSS 0.0163
Exploits 0, References 4

OSV
added 2021/03/25 9:15 p.m., 1 view

CVE-2021-29098

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

CVSS 7.8, AI score 7.6, EPSS 0.01952
Exploits 0, References 4

Positive Technologies
added 2021/03/25 12:0 a.m., 3 views

PT-2021-18086 · Esri · Arcgis Desktop +3

Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier; ArcGIS Desktop versions 10.8.1 and earlier; ArcGIS Engine versions 10.8.1 and earlier; ArcGIS Pro versions 2.7 and earlier
Description: The issue arises from multiple uninitialized pointer...

CVSS 7.8, AI score 8, EPSS 0.01952
Exploits 0, References 10

CNNVD
added 2021/03/12 12:0 a.m., 3 views

Adobe Animate buffer error vulnerability

Adobe Animate is Flash animation software from the American company Adobe. A buffer overflow vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker to achieve arbitrary code execution in the context of the current...

CVSS 7.8, AI score 6.7, EPSS 0.07503
Exploits 0, References 2

OSV
added 2021/03/05 8:15 p.m., 2 views

CVE-2021-27255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refreshstatus.aspx endpoint. The issue results from a lack o...

CVSS 8.8, AI score 7.1, EPSS 0.01262
Exploits 0, References 2

CNNVD
added 2021/03/04 12:0 a.m., 5 views

Matthias Van Woensel qcubed security vulnerability

Matthias Van Woensel qcubed is an application by Matthias Van Woensel. It provides a PHP model-view-controller framework for rapid application development. A security vulnerability exists in all versions of qcubed, including 3.1.1, that allows unauthenticated code execution via a crafted POST request...

CVSS 9.8, AI score 8.9, EPSS 0.05554
Exploits 3, References 5

NCSC
added 2021/03/02 12:0 a.m., 8 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious party, remote or otherwise, to launch attacks that result in the following categories of damage: Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to...

CVSS 10, AI score 8.2, EPSS 0.84925
Exploits 8

CNNVD
added 2021/02/03 12:0 a.m., 5 views

Multiple Cisco Product Licensing Issues Vulnerabilities

The Cisco RV160, among others, is a router from Cisco, USA that is used in enterprise environments. An authorization issue vulnerability exists in the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers, which could be exploited by an unauthenticated, remote attacker to...

CVSS 10, AI score 7.9, EPSS 0.0418
Exploits 0, References 2

NCSC
added 2020/11/06 12:0 a.m., 3 views

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious party to execute arbitrary code with the permissions of the application. To do this, the malicious party must have...

CVSS 9.8, AI score 7.5, EPSS 0.99585
Exploits 5