Moodle Authenticated Spelling Binary RCE

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: 2.7.1.5659 2.0.5.3356-184 Summary: CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a...

Google Chrome < 94.0.4606.81 Multiple Vulnerabilities

Binary data 701370.pasl...

VMware vCenter Server Arbitrary File Upload (VMSA-2021-0020)

Binary data vmwarevcentercve-2021-22005.nbin...

Security Bulletin: Jackson-Dataformats Vulnerability Affects the B2B API of IBM Sterling B2B Integrator (CVE-2020-28491)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability Vulnerability Details CVEID: CVE-2020-28491 DESCRIPTION: FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of byte buffer flaw. By sending a specially-crafted...

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

Remote code execution

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

Remote code execution

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVE-2021-35505

CVE-2021-35505 affects Afian FileRun 2021.03.26. The vulnerability enables Remote Code Execution by administrators via the Check Path value for the magick binary. The description identifies a path/command handling issue in the magick binary check, leading to code execution with the attacker’s cho...

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVE-2021-35504

CVE-2021-35504 affects Afian FileRun 2021.03.26 and enables Remote Code Execution (RCE) via the Check Path value used for the ffmpeg binary. The Red Hat and CVE/NVD entries confirm the vulnerability exists in that FileRun release and describe the root cause as improper handling of the ffmpeg bina...

Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)

Binary data apache2449pathtraversal.nbin...

GHSA-9378-F4V7-JGM4 Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...

CVE-2021-38394

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted...

Design/Logic Flaw

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted...

CVE-2021-38394 Missing Protection against Hardware Reverse Engineering Using Integrated Circuit Imaging Techniques for Boston Scientific Zoom Latitude

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted...

CVE-2021-38394

CVE-2021-38394 pertains to Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120. The EUVD/CNNVD and ICS-CISA sources in the connected set describe a vulnerability: missing protection against hardware reverse engineering using IC imaging techniques, enabling an attacker with phys...

ManageEngine EventLog Analyzer < Build 12201 REST API Restriction Bypass RCE

Binary data manageengineeventloganalyzercve-2021-40539.nbin...