Microsoft Azure Site Recovery 代码注入漏洞

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...

Microsoft Windows Event Tracing 代码注入漏洞

Microsoft Windows Event Tracing is an application from Microsoft Corporation USA. It provides a mechanism to track and log events raised by user-mode applications and kernel-mode drivers. A code injection vulnerability exists in Microsoft Windows Event Tracing. The following products and editions...

Microsoft SMBv3 代码注入漏洞

Microsoft SMBv3 is a support firmware from Microsoft Corporation USA that provides SMB functionality for devices. A code injection vulnerability exists in Microsoft SMBv3 Client/Server. The following products and versions are affected: Windows 10 Version 21H1 for x64-based Systems,Windows 10...

CVE-2021-39979

HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity...

Microsoft Office 代码注入漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. An attacker can exploit this...

Microsoft 4K Wireless Display Adapter 代码注入漏洞

The Microsoft 4K Wireless Display Adapter is a 4K wireless display adapter from Microsoft Corporation USA. A code injection vulnerability exists in the Microsoft 4K Wireless Display Adapter. The vulnerability arises from a network system or product not properly filtering specific elements of...

Microsoft Remote Desktop Client 代码注入漏洞

Microsoft Remote Desktop Client is a remote desktop client from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Remote Desktop Client. The following products and versions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based...

HPE StoreServ Management Console和Manage 代码注入漏洞

HPE StoreServ Management Console SSMC is a professional storage array fast management and processing tools from the United States hpe HPE. The software enables the creation of logical volumes, daily patrols, and other operations on related storage. A code injection vulnerability exists in the HPE...

ArcGIS Server 代码注入漏洞

Esri Arcgis Server is a web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. in the United States. A security vulnerability exists in ArcGIS Server that allows an attacker to inject html content into a page...

GitLab 代码注入漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A code injection vulnerability exists in GitLab that stems from the possibilit...

PT-2021-22868 · Suse +1 · Uyuni +2

Name of the Vulnerable Software and Affected Versions: Spacewalk version 2.10 Uyuni version 2021.08 Uyuni spacewalk-admin versions prior to 4.3.2-1 Description: The issue allows code injection due to the lack of sanitization of the configuration filename used by the rhn-config-satellite.pl script...

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not...

UReport 代码注入漏洞

UReport is a high-performance pure Java reporting engine based on the Spring architecture. ureport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

playSMS代码注入漏洞

playSMS is an open source SMS Short Message Service management software from Anton Raharja, an individual developer in India. A security vulnerability exists in playSMS versions prior to 1.4.5, which stems from allowing PHP code to be entered via the tabs message page of coremainconfig. This...

Espressif ESP-IDF 代码注入漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China's Loxin Information Technology Espressif. A code injection vulnerability exists in the Espressif ESP-IDF that stems from the Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier versions not properly...

ZOHO ManageEngine Log360 跨站请求伪造漏洞

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory requirements.A code injection...

opensysusers 代码注入漏洞

opensysusers is an open source package. It is an alternative implementation of systemd-sysusers that can be run on systems with or without systemd installed. A code injection vulnerability exists in versions of opensysusers prior to 0.6, which poses a security risk primarily due to the use of...

IBM DataPower Gateway 跨站请求伪造漏洞

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates, and optimizes access across channel...

PT-2021-24125

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Cloud Service Appliance EPM CSA affected versions not specified Description: A code injection vulnerability in the Ivanti EPM Cloud Services Appliance CSA allows an unauthenticated user to execute arbitrary code with...

Microsoft Graphics Component 代码注入漏洞

Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Graphics Component. The following products and versions are affected: Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 201...