CVE-2020-21322

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file...

Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)

Summary The libXml2 library used by Identity Insight has a potential use-after-free vulnerability that could be exploited by an attacker using a crafted input file. Vulnerability Details CVEID: CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the...

CVE-2020-21480

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2020-21322

CVE-2020-21322 is an arbitrary file upload vulnerability in Feehi CMS v2.0.8 and earlier that allows an attacker to execute arbitrary PHP code via a crafted file. Affected: Feehi CMS (PHP-based). Root cause: improper handling of uploaded files enabling code execution. Impact: remote code executio...

CVE-2020-21125

CVE-2020-21125 corresponds to an arbitrary file creation vulnerability in UReport 2.2.9. The connected documents consistently describe this as a vulnerability in a Java-based reporting engine that could permit an attacker to cause arbitrary code execution through file creation. The affected produ...

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

Adobe InDesign memory out-of-bounds access vulnerability

Adobe InDesign is a desktop publishing DTP application from Adobe, mainly used for typesetting and editing of various printed materials. Adobe InDesign is vulnerable to a memory out-of-bounds access vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...

CVE-2021-33675

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting XSS vulnerability through phishing and to execute arbitrary code on the victim's browser...

CVE-2021-33675

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting XSS vulnerability through phishing and to execute arbitrary code on the victim's browser...

Buffer overflow

A vulnerability has been identified in APOGEE MBC PPC P2 Ethernet All versions = V2.6.3, APOGEE MEC PPC P2 Ethernet All versions = V2.6.3, APOGEE PXC Compact BACnet All versions = V2.8, APOGEE PXC Modular BACnet All versions = V2.8, TALON TC Compact BACnet All versions V3.5.3, TALON TC Modular...

KLA12297 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Open Management...

GPAC Heap Buffer Overflow Vulnerability (CNVD-2021-79754)

GPAC is a multimedia framework for rich media and distributed under the LGPL license. a heap buffer overflow vulnerability exists in the URLGetProtocolType function in GPAC version 1.0.1. An attacker could exploit this vulnerability via specially crafted files to cause a denial of service or...

Stack overflow

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVE-2021-32137

Heap buffer overflow in the URLGetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

Heap overflow

Heap buffer overflow in the URLGetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

LSN-0081-1: Kernel Live Patch Security Notice

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.CVE-2021-3653 Maxim...

KLA12280 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Stack buffer overflow vulnerability in ANGLE can be exploited t...

Stack overflow

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS...

ROS-2-852

2.852 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

ROS-2-1494

2.1494 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code.Identifier of the Information Security Threats Dat...