5352 matches found
Huawei EulerOS: Security Advisory for open-iscsi (EulerOS-SA-2021-1762)
The remote host is missing an update for the Huawei EulerOS...
PT-2021-2638 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue is related to insecure privilege management in the Hyper-V component of the Windows operating system. Exploitation of this issue may allow a remote attacker to execute...
Valve Steam Buffer Error Vulnerability
Valve Steam is a suite of game distribution management platforms from Valve Corporation in the United States. The platform provides digital rights management, multiplayer, streaming, and social networking services. A buffer overflow vulnerability exists in Valve Steam version 2021-04-10 and earli...
Information disclosure
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details secti...
Cisco Link Layer Discovery Protocol Buffer Error Vulnerability
Cisco Link Layer Discovery Protocol is a router from Cisco USA. A buffer overflow vulnerability exists in Cisco Link Layer Discovery Protocol, which can be exploited by an unauthenticated, neighboring attacker to execute arbitrary code...
Buffer overflow
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local)...
CVE-2020-24995
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local)...
CVE-2021-27261
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Unspecified vulnerability in oria gridx
gridx is an open source application by sheila1227: a Grid with fast rendering and a well-modularized, plugin-based architecture. A security vulnerability exists in oria gridx 1.3 that a remote attacker can exploit to execute arbitrary code through a carefully crafted value of the $query parameter...
CVE-2021-27239
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on...
Buffer Overflow Vulnerability in Various Esri Products (CNVD-2021-39523)
ESRI ArcGIS Enterprise and others are products of Environmental Systems Research Institute (ESRI), Inc. ArcGIS Enterprise is a GIS (Geographic Information System) base software system. Esri ArcGIS Server is a Web-oriented enterprise software platform that can be used to provide geolocation services. Es...
USN-4888-2: ldb vulnerabilities
USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue t...
CVE-2021-1375
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...
Default configuration
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...
USN-4856-1: docker-credential-helpers vulnerability
Jasiel Spelman discovered that docker-credential-helpers has a double free. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code...
USN-4822-1: Firebird vulnerability
It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code...
CVE-2020-28149
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS...
Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild
Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all...
Design/Logic Flaw
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests...