
8222 matches found

Fedora
added 2021/10/29 11:27 p.m. | 25 views

[SECURITY] Fedora 35 Update: python-reportlab-3.6.2-1.fc35

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

6.5 CVSS | 2 AI score | 0.01487 EPSS
Exploits 1

CNVD
added 2021/10/27 12:0 a.m. | 19 views

Adobe Illustrator 2022 null pointer dereference vulnerability (CNVD-2021-101937)

Adobe Illustrator is a vector graphics editor and design program. Adobe Illustrator 2022 25.4.1 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service in the application...

4.9 AI score
Exploits 0 | References 1

CNVD
added 2021/10/27 12:0 a.m. | 19 views

Adobe Illustrator 2022 null pointer dereference vulnerability (CNVD-2021-101936)

Adobe Illustrator is a vector graphics editor and design program. Adobe Illustrator 2022 25.4.1 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service in the application...

4.9 AI score
Exploits 0 | References 1

CNVD
added 2021/10/27 12:0 a.m. | 9 views

Adobe Illustrator 2022 out-of-bounds read vulnerability (CNVD-2021-101939)

Adobe Illustrator, a vector graphics editor and design program, is vulnerable to an out-of-bounds read vulnerability in Adobe Illustrator 2022 25.4.1 and earlier versions. An attacker could exploit this vulnerability to elevate privileges...

5.3 AI score
Exploits 0 | References 1

Microsoft Malware Protection
added 2021/10/26 4:0 p.m. | 21 views

Protect your business from password sprays with Microsoft DART recommendations

Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to fin...

Exploits 0

Packet Storm
added 2021/10/26 12:0 a.m. | 357 views

Simplephpscripts Simple CMS 2.1 Cross Site Scripting

Document Title: Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2302. Release Date: 2021-10-19. Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits 0

CNNVD
added 2021/10/25 12:0 a.m. | 5 views

Nextcloud path traversal vulnerability

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. Nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...

8.8 CVSS | 5.8 AI score | 0.01727 EPSS
Exploits 0 | References 7

OSV
added 2021/10/22 2:15 p.m. | 3 views

CVE-2021-0652

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS | 7.2 AI score | 0.00174 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2021/10/22 6:56 a.m. | 14 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2329)

Summary: An Oracle database server vulnerability has been addressed by IBM Emptoris Strategic Supply Management Platform. Vulnerability Details: CVEID: CVE-2021-2329. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the XML DB component could allow an authenticated...

7.2 CVSS | 7.1 AI score | 0.01 EPSS
Exploits 0 | Affected Software 1

OSV
added 2021/10/21 12:1 a.m. | 16 views

OSV-2021-1475 Heap-buffer-overflow in derive_spatial_luma_vector_prediction

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40107. Crash type: Heap-buffer-overflow READ 1. Crash state: derive_spatial_luma_vector_prediction, fill_luma_motion_vector_predictors, motion_vectors_and_ref_indices...

7.2 AI score
Exploits 0 | References 1

NVD
added 2021/10/20 11:16 a.m. | 15 views

CVE-2021-35551

Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successfu...

5.5 CVSS | 0.00767 EPSS
Exploits 0 | References 1

Prion
added 2021/10/20 11:16 a.m. | 19 views

Buffer overflow

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

5.6 CVSS | 6.3 AI score | 0.0039 EPSS
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2021/10/20 10:50 a.m. | 41 views

CVE-2021-35604

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5 CVSS | 6.8 AI score | 0.02497 EPSS
Exploits 0

Cvelist
added 2021/10/20 10:50 a.m. | 25 views

CVE-2021-35558

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS...

4.3 CVSS | 5.1 AI score | 0.00804 EPSS
Exploits 0 | References 1

Vulnrichment
added 2021/10/20 10:49 a.m. | 10 views

CVE-2021-2483

Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite component: Content Item Manager. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Content Manager...

8.1 CVSS | 6.9 AI score | 0.00944 EPSS
Exploits 0 | References 1

CNNVD
added 2021/10/20 12:0 a.m. | 2 views

CamaleonCMS security vulnerability

CamaleonCMS is a Ruby on Rails-based advanced dynamic content management system (CMS) from the Camaleon CMS team. A denial-of-service vulnerability exists in Camaleon CMS versions 2.0.1 through 2.6.0, which stems from a vulnerability to uncaught exceptions in Camaleon CMS. An attacker with low privile...

4.3 CVSS | 5.6 AI score | 0.00976 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2021/10/20 12:0 a.m. | 2 views

The vulnerability in Microsoft Visio’s vector graphic editors, diagram editors, and block diagrams relates to the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability in Microsoft Visio’s vector graphic editors, diagram editors, and block diagrams relates to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...

10 CVSS | 7.6 AI score | 0.05565 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2021/10/19 4:31 p.m. | 7 views

GSD-2021-1001686 i40e: Fix freeing of uninitialized misc IRQ vector

i40e: Fix freeing of uninitialized misc IRQ vector This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.12 by commit...

7.2 AI score
Exploits 0

OSV
added 2021/10/19 4:24 p.m. | 10 views

UVI-2021-1001579 i40e: Fix freeing of uninitialized misc IRQ vector

i40e: Fix freeing of uninitialized misc IRQ vector This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.153 by commit...

7.2 AI score
Exploits 0

OSV
added 2021/10/19 4:23 p.m. | 14 views

GSD-2021-1001549 i40e: Fix freeing of uninitialized misc IRQ vector

i40e: Fix freeing of uninitialized misc IRQ vector This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.211 by commit...

7.2 AI score
Exploits 0