Rails -- remote code execution vulnerability
Ruby on Rails blog: Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released. The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems...
Arbitrary Code Execution
Python is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow and possible arbitrary code execution...
Fazecast jSerialComm Code Issue Vulnerability
Fazecast jSerialComm is a Java library that provides platform-independent access to standard serial ports from Fazecast, U.S.A. Schneider Electric EcoStruxure IT Gateway is a suite of cloud-based Data Center Management as a Service (DMaaS) offerings from Schneider Electric, France. A code issue...
Tobesoft Xplatform Code Execution Vulnerability
Tobesoft Xplatform is an application development platform from the Korean company Tobesoft. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A security vulnerability exists in Tobesoft Xplatform 9.2.2.250 and prior versions. A remote attacker ca...
Remote code execution
Tobesoft Nexacro v2019.9.25.1 and earlier versions have an arbitrary code execution vulnerability through a method supported by the Nexacro14 ActiveX Control. It allows an attacker to cause remote code execution...
TP-Link TL-WA855RE login.json Authentication Privilege Elevation Improper Vulnerability
The TP-Link TL-WA855RE is a wireless network signal extender from TP-Link of China. A security vulnerability exists in the initial setup process in the TP-Link TL-WA855RE, which stems from the program failing to properly validate the initial setup request. The vulnerability can be exploited by a...
Code Execution Vulnerability in Attentive Home Attentive Cat (imcat)
Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. A code execution vulnerability exists in Intimate Home Care Intimate Cat imcat, which can be exploited by attackers to execute malicious code...
CVE-2020-12138
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM...
NETGEAR XR500 Input Validation Error Vulnerability
The NETGEAR XR500 is a wireless router from NETGEAR. An input validation error vulnerability exists in NETGEAR XR500 versions prior to 2.3.2.32, which can be exploited by an attacker to execute code...
Autodesk FBX-SDK Code Execution Vulnerability
Autodesk FBX-SDK is a C++ software development platform and API toolkit from Autodesk USA, which is mainly used to convert existing content to FBX format. A security vulnerability exists in Autodesk FBX-SDK 2019.0 and earlier versions. An attacker can exploit the vulnerability to execute code on...
CVE-2020-7082
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it...
Aruba Networks ClearPass Code Execution Vulnerability
Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass. An attacker could exploit the vulnerability to execute code...
Aviatrix Systems OpenVPN client input validation error vulnerability
Aviatrix Systems OpenVPN client is a VPN (Virtual Private Network) client program from Aviatrix Systems, USA. An input validation error vulnerability exists in Aviatrix Systems OpenVPN client for Linux, macOS, and Windows, versions 2.5.7 and earlier. An attacker can exploit this vulnerability by changin...
Apache Heron Code Issue Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. A code issue vulnerability exists in Apache Heron versions 0.20.2-incubating, 0.20.1-incubating, and 0.20.0-incubating. An attacker could exploit the vulnerability to execute code...
Foxit PDF Reader U3D Plugin's ci*** module suffers from an override read vulnerability
Foxit PDF Reader is an e-book reader. The ci module of the Foxit PDF Reader U3D plug-in has an override read vulnerability that can be exploited by an attacker to execute code in the current application context by constructing a special PDF file...
Debian: Security Advisory (DLA-2174-1)
The remote host is missing an update for the Debian...
EulerOS 2.0 SP3 : e2fsprogs (EulerOS-SA-2020-1379)
According to the version of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory ca...
Security Update for Microsoft Office 2013 (KB4484229) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2013 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Security Updates for Outlook (April 2020)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install...
Mozilla Firefox Code Execution Vulnerability (CNVD-2020-22306)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 74. An attacker could exploit the vulnerability to corrupt memory or possibly execute arbitrary code...