Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure

The Jetpack Scan team identified a Local File Disclosure vulnerability in the plugin that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in t...

Huawei Manageone Local Elevation of Privilege Vulnerability

Huawei Manageone is a cloud data center management solution from Huawei China. Huawei Manageone supports unified management of heterogeneous cloud resource pools and provides multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis,...

Thomas Mortagne xwiki-platform SQL注入漏洞

Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to SQL injection, which can be exploited by attackers to inject SQL statements for execution...

The vulnerability of the `expand_downwards` function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the expanddownwards function in Linux kernel relates to the assignment of the null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2018-3620

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

PT-2021-6079 · Rpm +8 · Rpm +8

Name of the Vulnerable Software and Affected Versions: RPM affected versions not specified Description: The issue is related to insufficient authentication of data in the RPM software's signature check functionality. This allows an attacker to potentially corrupt the RPM database and execute code...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation in the United States. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to trigger a...

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...

Foxit Studio Photo 缓冲区错误漏洞

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. An information disclosure vulnerability exists in the handling of CR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

UBUNTU-CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

CVE-2021-26826

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...

Industrial Gear at Risk from Fuji Code-Execution Bugs

Industrial control software ICS from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. Authorities are warning the flaws could allow physical attacks on factory and critical-infrastructure equipment. Fuji Electric’s Tellus...

CentOS 8 : kernel (CESA-2019:3517)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3517 advisory. - kernel: Linux stack ASLR implementation Integer overflow CVE-2015-1593 - kernel: nfs: use-after-free in svcprocesscommon CVE-2018-16884 - kernel:...

SUSE SLES12 Security Update : sudo (SUSE-SU-2021:0226-1)

This update for sudo fixes the following issues : A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges bsc1181090,CVE-2021-3156 It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit...

Winmail Code Issue Vulnerability

Winmail is a server-side application used to provide email services by Suzhou Huazhao Technology Winmail Company in China. A code issue vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to cause the server to send requests to a specific URL...

Design/Logic Flaw

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the...