118 matches found
CVE-2022-45315
MikroTik RouterOS before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet...
PT-2022-6164 · Advantech · R-SeeNet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet versions 2.4.19 and prior Description: The issue is due to improper limitation of a pathname to a restricted directory. An unauthorized attacker could remotely exploit vulnerable PHP code to delete arbitrary files,...
Illumina Local Run Manager File Upload Vulnerability
Illumina Local Run Manager is an integrated solution from Illumina, Inc. designed to create sequencing runs, monitor run status, analyze sequencing data, and view results. Illumina Local Run Manager contains a file upload vulnerability that could be exploited by an attacker to upload any file typ...
PT-2021-6087 · SAP · SAP NetWeaver AS ABAP +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 Description: The software logistics system enables a malicious user to transfer ABAP code artifacts or content, bypassing th...
Race condition
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort it may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...
GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2021-36635)
LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10.2641. An attacker can exploit this vulnerability via htmlescape at ../../programs/escape.c:51 to cause a heap buffer overflow...
Trend Micro HouseCall for Home Networks elevation of privilege vulnerability (CNVD-2021-37058)
Trend Micro HouseCall for Home Networks is a suite of home network security scanning software from Trend Micro. The software supports scanning a wide range of home network devices and identifying network risks. An elevation of privilege vulnerability exists in Trend Micro HouseCall for Home...
CVE-2021-3156 "Baron Samedit"
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Recent assessments: cdelafuente-r7 at January 27, 2021 3:40pm UTC...
CVE-2019-9800
CVE-2019-9800 is supported by multiple connected advisories indicating memory safety bugs in Mozilla products (Thunderbird 60.x, Firefox ESR 60.x, Firefox 66–67 range) that could allow arbitrary code execution. The root cause is memory safety issues leading to memory corruption; affected versions...
Malicious Package
Overview: All versions of commqnder contain malicious code. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require, the package attempts to start a cryptocurrency miner using coin-hive. Recommendation: Remove the package...
Adobe Acrobat Pro DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
CVE-2018-11757
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
CVE-2018-11756
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
CVE-2018-11756
CVE-2018-11756 affects the PHP Runtime for Apache OpenWhisk when used as a Docker action based on tags such as openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (and older). The vulnerability allows a remote attacker to overwrite the source code of a function executing inside the...
CVE-2018-11757
CVE-2018-11757 affects Docker Skeleton Runtime for Apache OpenWhisk. A Docker action using openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. The issue is described in multiple so...
CVE-2017-9638
CVE-2017-9638 affects Mitsubishi Electric Europe B.V. E-Designer, version 7.52 Build 344. The vulnerability is a stack-based buffer overflow in six code sections that can lead to arbitrary code execution, data integrity compromise, denial of service, and system crash. Connected sources (ICS-CERT)...
CVE-2017-10940
CVE-2017-10940 affects Joyent Smart Data Center before [email protected]. The Docker API flaw does not properly validate user-supplied data, enabling an attacker who can run low-privileged code to upload arbitrary files and escalate to root execution. Exp...