Adobe Illustrator 2021 Out-of-Bounds Write Vulnerability (CNVD-2021-55965)

Adobe Illustrator 2021 is a vector drawing software. An out-of-bounds write vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

PT-2021-3668 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 12.3 prior to 12.3R12-S19 Juniper Networks Junos OS versions 15.1 prior to 15.1R7-S10 Juniper Networks Junos OS versions 17.3 prior to 17.3R3-S12 Juniper Networks Junos OS versions 18.4 prior to 18.4R3-S9...

Juniper Junos OS Vulnerability (JSA11208)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11208 advisory. - A vulnerability in the Distance Vector Multicast Routing Protocol DVMRP of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet...

IBM Cloud Pak for Applications 加密问题漏洞

IBM Cloud Pak for Applications is an application from IBM USA, Inc. A security vulnerability exists in IBM Cloud Pak for Applications version 4.3, which stems from the application's use of an improper encryption algorithm. An attacker could exploit the vulnerability to be able to decrypt highly...

OSV-2021-950 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<hsql::Expr**>::__wrap_iter

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35944 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::vector ::makeiter std::1::vector ::begin...

MTN Group: HTML injection in email content during registration via FirstName/LastName parameter

Summary: Hi, I just found an issue when register account in https://mtnmobad.mtnbusiness.com.ng//auth/registerUser It allows an attacker to inject malicious text include html code in email content. Steps To Reproduce: 1. Go to https://uat.id.manulife.ca/mortgagecreditor/register?uilocales=en-CA. ...

Print Spooler Remote DLL Injection

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running. Module Options msf use...

The vulnerability of the EncodeImage function in the coders/pict.c component of the console image editing tool ImageMagick, which involves reading data beyond the allowed buffer limits, allows a hacker to cause a service failure.

The vulnerability of the EncodeImage function in the coders/pict.c component of the console-based graphic editor ImageMagick involves reading data from beyond the allowed buffer limits. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using a specially...

The vulnerability of the qsvghandler.cpp component of the cross-platform development framework for Qt software, related to the lack of a mechanism for checking input data, allows attackers to trigger service failures.

The vulnerability of the qsvghandler.cpp component of the cross-platform framework for developing Qt software is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to trigger a service failure by using an altered SVG image...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL server set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress WP S...

Cross site scripting

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component used in the pages and files section for example displayed HTML in page titles as it is. This could be used for cross-site scripting XSS attacks. Malicious authenticated Panel users can...

CVE-2020-27361

An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories...

Keystone Engine 安全漏洞

Keystone Engine is an assembler framework. A security vulnerability exists in Keystone Engine that stems from Keystone Engine having an invalid idle in llvmks::SmallVectorImpl::SmallVectorImpl...

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

CVE-2021-31516

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

CVE-2021-31516

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

CVE-2021-31515

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

CVE-2021-31515

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...