
8226 matches found

CNNVD
added 2021/11/30 12:0 a.m. · 3 views

elecom lan operating system command injection vulnerability

elecom lan routers is a router from Elecom Japan. An operating system command injection vulnerability exists in elecom lan routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...

CVSS 6.8 · AI score 6.3 · EPSS 0.00422
Exploits 0 · References 5

CNNVD
added 2021/11/30 12:0 a.m. · 4 views

elecom lan cross-site scripting vulnerability

elecom lan routers is a router from Elecom Japan. A cross-site scripting vulnerability exists in elecom lan routers, which can be exploited by an attacker to inject arbitrary script via an unspecified vector...

CVSS 5.4 · AI score 5.5 · EPSS 0.00585
Exploits 0 · References 4

CNNVD
added 2021/11/30 12:0 a.m. · 5 views

elecom lan buffer error vulnerability

elecom lan routers is a router from Elecom Japan. A buffer overflow vulnerability exists in elecom lan routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...

CVSS 6.8 · AI score 6.5 · EPSS 0.00454
Exploits 0 · References 5

Prion
added 2021/11/26 7:15 p.m. · 17 views

Code injection

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

CVSS 4.3 · AI score 6 · EPSS 0.01014
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2021/11/23 12:0 a.m. · 4 views

The vulnerability of the Adobe SVG Native Viewer lies in the overflow of buffer in the queue, allowing an attacker to execute arbitrary code.

The vulnerability of the Adobe SVG Native Viewer is related to buffer overflow in the heap. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted PDF file...

CVSS 9.3 · AI score 8 · EPSS 0.04115
Exploits 0 · References 4

CNNVD
added 2021/11/23 12:0 a.m. · 2 views

Huawei HarmonyOS input validation error vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker can exploit the vulnerability to cause a device reboot...

CVSS 7.8 · AI score 5.8 · EPSS 0.00667
Exploits 0 · References 3

Prion
added 2021/11/19 7:15 p.m. · 15 views

Cross site scripting

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

CVSS 7.5 · AI score 9.5 · EPSS 0.02916
Exploits 1 · References 3 · Affected Software 3

CNNVD
added 2021/11/19 12:0 a.m. · 6 views

OroCrm cross-site request forgery vulnerability

OroCrm is an open source Customer Relationship Management Crm application from Oro Corporation. It is used to create 360° views of customers across multiple channels, organize sales channels, manage account and contact information, communicate with customers, run marketing campaigns and track...

CVSS 5.8 · AI score 5.6 · EPSS 0.00303
Exploits 0 · References 3

OSV
added 2021/11/18 5:15 p.m. · 1 view

CVE-2021-40753

Adobe After Effects version 18.4.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a...

CVSS 7.8 · AI score 6.3 · EPSS 0.02315
Exploits 0 · References 1

OSV
added 2021/11/17 5:15 p.m. · 6 views

AZL-6605 CVE-2021-43975 affecting package kernel for versions less than 5.15.2.1-1

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker who can introduce a crafted device to trigger an out-of-bounds write via a crafted length value...

CVSS 6.7 · AI score 6.7 · EPSS 0.00513
Exploits 1 · References 1

Talos Blog
added 2021/11/17 12:3 p.m. · 17 views

Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in LibreCAD’s libdfxfw open-source library. This library reads and writes .dxf and .dwg files — the primary file format for vector graphics in CAD... This is only the...

AI score 7.1
Exploits 0

OSV
added 2021/11/16 6:15 p.m. · 2 views

CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...

CVSS 7.5 · AI score 5.8 · EPSS 0.01013
Exploits 0 · References 1

Positive Technologies
added 2021/11/16 12:0 a.m. · 4 views

PT-2021-17004 · Amd · 1St Gen Amd Epyc™ +49

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns a potential "two time pad attack" due to the persistent platform private key not being protected with a random IV. This could lead to security risks, but specific...

CVSS 7.5 · AI score 7.5 · EPSS 0.01013
Exploits 0 · References 2

Prion
added 2021/11/15 4:15 p.m. · 16 views

Design/Logic Flaw

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...

CVSS 4.3 · AI score 4.1 · EPSS 0.00515
Exploits 0 · References 2 · Affected Software 2

RedHat Linux
added 2021/11/15 10:48 a.m. · 3 views

kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...

CVSS 9.8 · AI score 7.3 · EPSS 0.57853
Exploits 2 · References 4

OpenVAS
added 2021/11/14 12:0 a.m. · 4 views

Fedora: Security Advisory for autotrace (FEDORA-2021-df1fa3d3e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2

Fedora
added 2021/11/12 12:38 a.m. · 13 views

[SECURITY] Fedora 35 Update: autotrace-0.31.1-62.fc35

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

AI score 6.9
Exploits 0

OpenVAS
added 2021/11/11 12:0 a.m. · 28 views

Mozilla Firefox Security Advisory (MFSA2012-63) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 9.3 · AI score 9.4 · EPSS 0.04805
Exploits 0 · References 4

OpenVAS
added 2021/11/10 12:0 a.m. · 18 views

openSUSE: Security Advisory for rubygem-activerecord-5_1 (openSUSE-SU-2021:3634-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 7.6 · EPSS 0.04434
Exploits 1 · References 2

RedHat Linux
added 2021/11/09 6:25 p.m. · 27 views

Moderate: Red Hat Security Advisory: autotrace security update

An update for autotrace is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.8 · AI score 6.7 · EPSS 0.01019
Exploits 0 · References 4