
5334 matches found

Cvelist
added 2021/09/14 11:19 a.m. | 15 views

CVE-2021-33675

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser...

CVSS 6.1 | AI score 6.1 | EPSS 0.00295
Exploits: 0 | References: 2

Prion
added 2021/09/14 11:15 a.m. | 13 views

Buffer overflow

A vulnerability has been identified in APOGEE MBC PPC P2 Ethernet All versions = V2.6.3, APOGEE MEC PPC P2 Ethernet All versions = V2.6.3, APOGEE PXC Compact BACnet All versions = V2.8, APOGEE PXC Modular BACnet All versions = V2.8, TALON TC Compact BACnet All versions V3.5.3, TALON TC Modular...

CVSS 10 | AI score 9.7 | EPSS 0.0286
Exploits: 0 | References: 1 | Affected Software: 8

CNVD
added 2021/09/14 12:00 a.m. | 16 views

GPAC Heap Buffer Overflow Vulnerability (CNVD-2021-79754)

GPAC is a multimedia framework for rich media and distributed under the LGPL license. A heap buffer overflow vulnerability exists in the URLGetProtocolType function in GPAC version 1.0.1. An attacker could exploit this vulnerability via specially crafted files to cause a denial of service or...

CVSS 4.3 | AI score 6 | EPSS 0.00238
Exploits: 1 | Affected Software: 1

Kaspersky
added 2021/09/14 12:00 a.m. | 55 views

KLA12297 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Open Management...

CVSS 9.8 | AI score 9.3 | EPSS 0.94392
Exploits: 20 | References: 8

Prion
added 2021/09/13 7:15 p.m. | 15 views

Stack overflow

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVSS 6.8 | AI score 7.9 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2021/09/13 2:15 p.m. | 8 views

CVE-2021-32137

Heap buffer overflow in the URLGetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVSS 5.5 | EPSS 0.00238
Exploits: 1 | References: 2

Prion
added 2021/09/13 2:15 p.m. | 9 views

Heap overflow

Heap buffer overflow in the URLGetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVSS 4.3 | AI score 6.2 | EPSS 0.00238
Exploits: 1 | References: 2 | Affected Software: 1

Ubuntu
added 2021/09/13 9:12 a.m. | 130 views

LSN-0081-1: Kernel Live Patch Security Notice

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. CVE-2021-3653 Maxim...

CVSS 8.8 | AI score 7.4 | EPSS 0.85239
Exploits: 28

Kaspersky
added 2021/09/13 12:00 a.m. | 483 views

KLA12280 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Stack buffer overflow vulnerability in ANGLE can be exploited t...

CVSS 9.6 | AI score 9.6 | EPSS 0.83785
Exploits: 4 | References: 4

Prion
added 2021/09/10 4:15 a.m. | 17 views

Stack overflow

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS...

CVSS 6.5 | AI score 9 | EPSS 0.01174
Exploits: 0 | References: 1 | Affected Software: 3

Redos
added 2021/09/08 12:00 a.m. | 11 views

ROS-2-852

2.852 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

CVSS 9.8 | AI score 9.2 | EPSS 0.0074
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. | 10 views

ROS-2-1494

2.1494 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code. Identifier of the Information Security Threats Dat...

CVSS 9.8 | AI score 8.2 | EPSS 0.01303
Exploits: 7

Tenable Nessus
added 2021/09/04 12:00 a.m. | 47 views

openSUSE 15 Security Update : opera (openSUSE-SU-2021:1221-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1221-1 advisory. - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a...

CVSS 8.8 | AI score 7.4 | EPSS 0.01901
Exploits: 6 | References: 15

NVD
added 2021/08/31 4:15 a.m. | 10 views

CVE-2021-36981

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code...

CVSS 9 | EPSS 0.165
Exploits: 2 | References: 4

Tenable Nessus
added 2021/08/30 12:00 a.m. | 32 views

Oracle Linux 7 : libX11 (ELSA-2021-3296)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3296 advisory. 1.6.7-4 - Fix CVE-2021-31535 1962438 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

CVSS 9.8 | AI score 7.4 | EPSS 0.05481
Exploits: 2 | References: 2

Cvelist
added 2021/08/27 6:16 p.m. | 14 views

CVE-2020-19002

Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632...

AI score 5.7 | EPSS 0.00427
Exploits: 1 | References: 1

Prion
added 2021/08/23 6:15 p.m. | 23 views

Code injection

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 6 | AI score 8.7 | EPSS 0.83089
Exploits: 2 | References: 11 | Affected Software: 14

NVD
added 2021/08/20 7:15 p.m. | 9 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

CVSS 7.8 | EPSS 0.03723
Exploits: 0 | References: 1

Cvelist
added 2021/08/20 6:10 p.m. | 11 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

AI score 7.8 | EPSS 0.03723
Exploits: 0 | References: 1

Ubuntu
added 2021/08/20 5:56 p.m. | 53 views

USN-5048-2: Inetutils vulnerability

USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes ...

CVSS 10 | AI score 8.2 | EPSS 0.08404
Exploits: 2