Apple Releases Security Advisories for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...
VMware Releases Security Updates for Aria Operations for Networks
VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
CVE-2022-29232 Exposure of messages in BigBlueButton public chats
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a...
Command Execution Vulnerability in Metersphere
MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...
Tecknodreams SapphireIMS Default Configuration Issue Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A default configuration issue vulnerability exists in Tecknodreams SapphireIMS version 5.0, which stems from the use of default sapphire:ims credentials to connect clients to the...
File Upload Vulnerability in Jianwen Project Management Software
Jianwen project management software is a core information platform that covers the whole project life cycle, the whole project management function, and the whole project stakeholders. Based on the core information platform, it establishes a unified information exchange platform between the...
Command execution vulnerability exists in SEACMS (CNVD-2021-40231)
SEACMS is a video-on-demand system designed for webmasters with different needs. SEACMS suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
File upload vulnerability exists in RGCMS (CNVD-2021-35776)
RGCMS is an open source building management system. RGCMS has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
File uploading vulnerability in the smart water information management platform
Huatech Digital Technology Co., Ltd. (formerly Shanda Luneng Information Technology Co., Ltd.) was jointly funded and established by Shandong University and Luneng Group in December 2000, and is now subordinate to the Shandong Province State-owned Assets Supervision and Administration Commission...
Google Chrome has a binary vulnerability
Google Chrome is a web browser from Google, an American company. A binary vulnerability exists in Google Chrome, which can be exploited by an attacker to gain control of a server...
File Upload Vulnerability in Apusic Application Server Monitoring and Management Platform
Apusic Application Server, developed by Apusic, is China's first product with complete support for J2EE (Java 2 Platform, Enterprise Edition). Apusic is written in pure Java and supports EJB1.1, Servlet, JSP, JMS and so on...
Command Execution Vulnerability in Ke361
Ke361 is an open source Taobao system developed on the latest ThinkPHP3.2 version to provide a more convenient and secure web application development experience. The system adopts a new architectural design and namespace mechanism, the integration of modular, driven and...
Command Execution Vulnerability in WeiPHP
WeiPHP is a microsoft development platform, which is based on oneThink, a content management framework. WeiPHP has a command execution vulnerability that can be exploited by attackers to gain control of the server...
File upload vulnerability exists in HKCMS (CNVD-2021-26307)
HKCMS is an open source content management system developed on the basis of Thinkphp 5.0 framework, using an independent grouping approach. HKCMS suffers from a file upload vulnerability that can be exploited by attackers to gain control of the server...
Stack overflow vulnerability in the se*** interface of the Tenda 11AC 1200MBPS wireless panelized AP (CNVD-2021-25917)
hereinafter referred to as "Tengda" was founded in 1999, is a professional supplier of network communication equipment and solutions, but also the research and development, production, supply, sales and service in one of the high-tech enterprises. A stack overflow vulnerability exists in the se...
File Upload Vulnerability in UPUPOO Application
UPUPOO Dynamic Desktop is a computer dynamic desktop software, also translated as ah poof ah poof. The UPUPOO application suffers from a file upload vulnerability that can be exploited by an attacker to gain control of the server...
360 Security Browser suffers from DLL hijacking vulnerability (CNVD-2021-11807)
360 Security Browser is a browser based on the dual kernel of IE and Chrome launched by 360 Security Center, which is a product of cooperation between Window of the World developer Phoenix Studio and 360 Security Center. 360 Security Browser has a DLL hijacking vulnerability,...
File Upload Vulnerability in RoadFlow Workflow System
RoadFlow is an integrated workflow engine ASP.NET CORE MVC rapid development framework. A file upload vulnerability exists in the RoadFlow workflow system that can be exploited by an attacker to gain control of the server...
Tiger Tooth Live PC Extreme Client suffers from DLL hijacking vulnerability
Tiger Tooth Live PC Extreme Client is a game live streaming software. Tiger Tooth Live PC Extreme Client suffers from a DLL hijacking vulnerability. An attacker can exploit this vulnerability to gain control of the server...
Google Android Framework elevation of privilege vulnerability (CNVD-2021-30152)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). An elevation of privilege vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit this vulnerability to gain...