openSUSE 15 Security Update : opera (openSUSE-SU-2021:1221-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1221-1 advisory. - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a...

The vulnerability of the Adobe Photoshop graphic editor lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to perform arbitrary…

The vulnerability of the Adobe Photoshop graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2021-36981

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code...

Oracle Linux 7 : libX11 (ELSA-2021-3296)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3296 advisory. 1.6.7-4 - Fix CVE-2021-31535 1962438 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

CVE-2020-19002

Cross Site Scripting XSS in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632...

Code injection

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

USN-5048-2: Inetutils vulnerability

USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes ...

CVE-2020-18897

An use-after-free vulnerability in the libpffitemtreecreatenode function of libyal Libpff before 20180623 allows attackers to cause a denial of service DOS or execute arbitrary code via a crafted pff file...

Design/Logic Flaw

An use-after-free vulnerability in the libpffitemtreecreatenode function of libyal Libpff before 20180623 allows attackers to cause a denial of service DOS or execute arbitrary code via a crafted pff file...

CVE-2020-18897

An use-after-free vulnerability in the libpffitemtreecreatenode function of libyal Libpff before 20180623 allows attackers to cause a denial of service DOS or execute arbitrary code via a crafted pff file...

CVE-2020-18897

An use-after-free vulnerability in the libpffitemtreecreatenode function of libyal Libpff before 20180623 allows attackers to cause a denial of service DOS or execute arbitrary code via a crafted pff file...

CVE-2020-25928

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...

Adobe Bridge out-of-bounds write vulnerability (CNVD-2021-63281)

Adobe Bridge, a free digital asset management application from Adobe, is vulnerable to an out-of-bounds write vulnerability in Adobe Bridge 11.1 and earlier. An attacker could exploit the vulnerability to execute arbitrary code...

CVE-2021-22156

An integer overflow vulnerability in the calloc function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform SDP versions 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to...

CVE-2020-18703

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'...

Cross site scripting

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-13871 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker...

CVE-2020-18758

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code...