F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation in the United States. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to trigger a...

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...

Foxit Studio Photo 缓冲区错误漏洞

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. An information disclosure vulnerability exists in the handling of CR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

UBUNTU-CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...

Industrial Gear at Risk from Fuji Code-Execution Bugs

Industrial control software ICS from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. Authorities are warning the flaws could allow physical attacks on factory and critical-infrastructure equipment. Fuji Electric’s Tellus...

CentOS 8 : kernel (CESA-2019:3517)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3517 advisory. - kernel: Linux stack ASLR implementation Integer overflow CVE-2015-1593 - kernel: nfs: use-after-free in svcprocesscommon CVE-2018-16884 - kernel:...

SUSE SLES12 Security Update : sudo (SUSE-SU-2021:0226-1)

This update for sudo fixes the following issues : A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges bsc1181090,CVE-2021-3156 It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit...

Winmail Code Issue Vulnerability

Winmail is a server-side application used to provide email services by Suzhou Huazhao Technology Winmail Company in China. A code issue vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to cause the server to send requests to a specific URL...

Design/Logic Flaw

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the...

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Microsoft Defender Remote Code Execution Vulnerability Recent assessments: cdelafuente-r7 at January 13, 2021 3:55pm UTC reported: No useful information has been published so far and most of the speculations found online are based on the CVSS 3.0 metrics found in the advisory. That said, the atta...

Information disclosure

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...

The SolarWinds Perfect Storm: Default Password, Access Sales and More

SECOND UPDATE A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password “SolarWinds123” that gave attackers an open door into its...

CVE-2020-35395

CVE-2020-35395 describes a stored XSS vulnerability in the EGavilan Media Expense Management System 1.0, affecting the Add Expense Component. The underlying issue is that the attacker-supplied string in the description field can inject JavaScript, leading to persistent client-side code execution....

Microsoft Exchange Server 代码注入漏洞

Microsoft Exchange Server is a mail server and calendar server developed by Microsoft. A remote code execution vulnerability exists in Microsoft Exchange Server. An attacker could exploit this vulnerability to achieve remote code execution...

ImageMagick Digital Error Vulnerability (CNVD-2021-10264)

ImageMagick is a software for creating, editing, and compositing images that can read, convert, and write images in many formats. A numeric error vulnerability exists in GammaImage in /MagickCore/enhance.c in versions of ImageMagick prior to 7.0.8-68. An attacker could cause a denial of service b...