Lucene search

5353 matches found

RedhatCVE
added 2021/11/18 6:1 p.m. | 62 views

CVE-2021-3918

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

CVSS 9.8 | AI score 9.2 | EPSS 0.03563
Exploits: 1 | References: 3

Tenable Nessus
added 2021/11/17 12:0 a.m. | 17 views

EulerOS Virtualization 2.9.0 : libX11 (EulerOS-SA-2021-2780)

According to the versions of the libX11 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11...

CVSS 9.8 | AI score 7.7 | EPSS 0.10634
Exploits: 2 | References: 2

Tenable Nessus
added 2021/11/17 12:0 a.m. | 22 views

EulerOS Virtualization 2.9.1 : libX11 (EulerOS-SA-2021-2744)

According to the versions of the libX11 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11...

CVSS 9.8 | AI score 7.7 | EPSS 0.10634
Exploits: 2 | References: 2

Ubuntu
added 2021/11/11 5:32 a.m. | 141 views

USN-5139-1: Linux kernel (OEM 5.10) vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the AMD...

CVSS 7.8 | AI score 7.3 | EPSS 0.00674
Exploits: 2

Prion
added 2021/11/08 9:15 p.m. | 11 views

Privilege escalation

BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file...

CVSS 6.8 | AI score 8.9 | EPSS 0.01302
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/08 8:46 p.m. | 10 views

CVE-2020-23572

BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file...

AI score 8.9 | EPSS 0.01302
Exploits: 1 | References: 1

Prion
added 2021/11/02 6:15 p.m. | 17 views

Buffer overflow

Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code...

CVSS 7.5 | AI score 9.7 | EPSS 0.01606
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/11/02 11:15 a.m. | 17 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3 allows attackers to execute arbitrary code via the name parameter to the add client feature...

CVSS 4.3 | AI score 6.2 | EPSS 0.01125
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/11/02 11:15 a.m. | 12 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1 allows authenticated attackers to execute arbitrary code via the groupname...

CVSS 3.5 | AI score 5.5 | EPSS 0.00753
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2021/11/02 12:0 a.m. | 23 views

Nvidia vGPU Software Resource Management Error Vulnerability

Nvidia vGPU Software is a management software from Nvidia Corporation for providing GPU capabilities to virtual machines. NVIDIA vGPU software is vulnerable to a resource management error that could be exploited by attackers to execute arbitrary code that affects integrity and availability...

CVSS 7.1 | AI score 6.9 | EPSS 0.00247
Exploits: 0 | References: 1

Tenable Nessus
added 2021/11/02 12:0 a.m. | 30 views

RHEL 7 : devtoolset-10-gcc (RHSA-2021:4039)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4039 advisory. The GNU Compiler Collection (GCC) is a portable compiler suite with support for various programming languages, including C, C++, and Fortran. The...

CVSS 8.3 | AI score 7.7 | EPSS 0.12205
Exploits: 4 | References: 6

NVD
added 2021/11/01 4:15 p.m. | 12 views

CVE-2021-26740

Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code...

CVSS 9.8 | EPSS 0.01552
Exploits: 1 | References: 1

Cvelist
added 2021/11/01 3:32 p.m. | 18 views

CVE-2021-26740

Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code...

AI score 9.9 | EPSS 0.01552
Exploits: 1 | References: 1

NVD
added 2021/10/31 8:15 p.m. | 15 views

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...

CVSS 9.8 | EPSS 0.0181
Exploits: 1 | References: 1

Mageia
added 2021/10/29 7:32 p.m. | 50 views

Updated ffmpeg packages fix security vulnerability

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20446) FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service...

CVSS 9.8 | AI score 3.9 | EPSS 0.0269
Exploits: 11 | References: 7

NVD
added 2021/10/29 11:15 a.m. | 8 views

CVE-2020-22079

Stack-based buffer overflow in Tenda AC-10U AC1200 Router USAC10UV1.0RTLV15.03.06.48multiTDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg...

CVSS 9.8 | EPSS 0.04004
Exploits: 1 | References: 3

Cvelist
added 2021/10/29 10:19 a.m. | 17 views

CVE-2020-22079

Stack-based buffer overflow in Tenda AC-10U AC1200 Router USAC10UV1.0RTLV15.03.06.48multiTDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg...

AI score 10 | EPSS 0.04004
Exploits: 1 | References: 3

NCSC
added 2021/10/29 12:0 a.m. | 2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. Google has not published substantive...

CVSS 9.6 | AI score 7.3 | EPSS 0.36238
Exploits: 5

CNVD
added 2021/10/27 12:0 a.m. | 25 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2021-85265)

Adobe InDesign is a desktop publishing (DTP) application from Adobe that is primarily used for typesetting and editing a variety of printed materials. A buffer overflow vulnerability exists in Adobe InDesign. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9.3 | AI score 7.9 | EPSS 0.05468
Exploits: 0 | References: 1

CNVD
added 2021/10/27 12:0 a.m. | 24 views

Adobe Animate out-of-bounds write vulnerability (CNVD-2021-84298)

Adobe Animate, a multimedia creation and computer animation program, is vulnerable to an out-of-bounds write vulnerability in Adobe Animate 21.0.9 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9.3 | AI score 6.6 | EPSS 0.02722
Exploits: 0 | References: 1