Lucene search

5353 matches found

Cvelist
added 2021/07/28 4:1 p.m., 9 views

CVE-2021-25200

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\studentavatar.php...

9.8 AI score, 0.01874 EPSS
Exploits: 1, References: 1

NVD
added 2021/07/23 2:15 p.m., 8 views

CVE-2021-25208

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php...

9.8 CVSS, 0.01874 EPSS
Exploits: 1, References: 1

NVD
added 2021/07/23 2:15 p.m., 10 views

CVE-2021-25203

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\adminaddpost.php...

9.8 CVSS, 0.01874 EPSS
Exploits: 1, References: 1

NVD
added 2021/07/22 1:15 p.m., 8 views

CVE-2021-30110

dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates...

7.5 CVSS, 0.01967 EPSS
Exploits: 0, References: 3

OpenVAS
added 2021/07/21 12:0 a.m., 27 views

Ubuntu: Security Advisory (USN-5015-1)

The remote host is missing an update for the...

7.8 CVSS, 7.4 AI score, 0.09808 EPSS
Exploits: 8, References: 2

Tenable Nessus
added 2021/07/21 12:0 a.m., 91 views

Ubuntu 16.04 ESM : GNU binutils vulnerabilities (USN-4336-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4336-2 advisory. USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the...

9.8 CVSS, 6.8 AI score, 0.08544 EPSS
Exploits: 67, References: 147

NVD
added 2021/07/20 3:15 p.m., 15 views

CVE-2021-3246

A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file...

8.8 CVSS, 0.03292 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2021/07/16 12:0 a.m., 52 views

openSUSE 15 Security Update : libX11 (openSUSE-SU-2021:1897-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1897-1 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor...

9.8 CVSS, 7.7 AI score, 0.10634 EPSS
Exploits: 2, References: 4

Tenable Nessus
added 2021/07/16 12:0 a.m., 91 views

Amazon Linux 2 : libX11 (ALAS-2021-1686)

The version of libX11 installed on the remote host is prior to 1.6.7-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1686 advisory. A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in som...

9.8 CVSS, 7.9 AI score, 0.10634 EPSS
Exploits: 2, References: 3

CVE
added 2021/07/15 5:35 p.m., 61 views

CVE-2021-34828

CVE-2021-34828 affects D-Link DAP-1330 (firmware 1.13B01 BETA). The flaw is in handling of the SOAPAction HTTP header, caused by insufficient validation of the length of user-supplied data copied into a fixed-length buffer. This enables network-adjacent attackers with no authentication to execute...

8.8 CVSS, 8.8 AI score, 0.02333 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/07/13 3:15 p.m., 16 views

Integer overflow

Integer overflow vulnerability in function JsiObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code...

7.5 CVSS, 9.7 AI score, 0.03257 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2021/07/05 12:0 a.m., 10 views

Microsoft Windows Print Spooler Code Execution Vulnerability

Windows Print Spooler is a printer background handler for Windows. A code execution vulnerability exists in Microsoft Windows Print Spooler due to a Windows Print Spooler RpcAddPrinterDriverEx Failure to Properly Execute Privileged File Vulnerability, which allows remote attackers to exploit the...

9 CVSS, 8.3 AI score, 0.99759 EPSS
Exploits: 41, References: 1

Rosalinux
added 2021/07/02 4:35 p.m., 19 views

Advisory ROSA-SA-2021-1817

Software: cups-filters 1.0.35; OS: Cobalt 7.9; CVE-ID: CVE-2013-6473; CVE-Crit: MEDIUM; CVE-DESC: Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 through 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file...

8.3 CVSS, 8.8 AI score, 0.03429 EPSS
Exploits: 3

NVD
added 2021/06/23 10:15 a.m., 10 views

CVE-2021-27649

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...

9.8 CVSS, 0.02007 EPSS
Exploits: 0, References: 1

Prion
added 2021/06/23 10:15 a.m., 14 views

Design/Logic Flaw

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...

7.5 CVSS, 9.8 AI score, 0.02007 EPSS
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2021/06/23 9:50 a.m., 14 views

CVE-2021-27649

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...

9.8 CVSS, 10 AI score, 0.02007 EPSS
Exploits: 0, References: 1

CNVD
added 2021/06/16 12:0 a.m., 11 views

Facebook Hermes Input Validation Error Vulnerability

Facebook Hermes is a JavaScript engine from Facebook, Inc. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but is not applicable to server-side infrastructures such as browsers & Node.js. An input validation error vulnerability...

9.8 CVSS, 7.5 AI score, 0.01795 EPSS
Exploits: 0, References: 1

NVD
added 2021/06/15 7:15 p.m., 26 views

CVE-2021-31480

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

7.8 CVSS, 0.01419 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2021/06/10 12:0 a.m., 43 views

SUSE SLES11 Security Update : kvm (SUSE-SU-2020:14396-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14396-1 advisory. - In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when...

7.8 CVSS, 7.4 AI score, 0.04027 EPSS
Exploits: 1, References: 19

CNVD
added 2021/06/09 12:0 a.m., 9 views

Interactive Graphical SCADA System (IGSS) out-of-bounds write vulnerability (CNVD-2021-42158)

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...

7.8 CVSS, 7.2 AI score, 0.00855 EPSS
Exploits: 0, References: 1