
1916 matches found

OSV
added 2021/10/06 8:15 p.m. | 0 views

CVE-2021-34775

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database...

CVSS 4.3 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/09/30 12:0 a.m. | 26 views

Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 4.9 | EPSS 0.0059
Exploits: 0 | References: 2

OSV
added 2021/09/29 4:15 p.m. | 1 views

CVE-2021-40708

Adobe Genuine Service versions 7.3 and earlier are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this...

CVSS 7.3 | AI score 6 | EPSS 0.05183
Exploits: 0 | References: 1

Check Point Advisories
added 2021/09/27 12:0 a.m. | 6 views

VMWare vCenter Server Arbitrary File Upload (CVE-2021-22005)

An arbitrary file upload vulnerability exists in VMWare vCenter Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 9 | EPSS 0.94457
Exploits: 11

CNVD
added 2021/09/24 12:0 a.m. | 34 views

VMware vCenter Server File Upload Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...

CVSS 9.8 | AI score 3.1 | EPSS 0.94457
Exploits: 11 | References: 1

Cvelist
added 2021/09/23 11:37 a.m. | 28 views

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file...

AI score 9.7 | EPSS 0.94457
Exploits: 11 | References: 2

CNVD
added 2021/09/23 12:0 a.m. | 24 views

FAAD2 Heap Buffer Overflow Vulnerability

Freeware Advanced Audio Decoder 2 (FAAD2) is an open source MPEG-4 and MPEG-2 AAC decoder licensed under the GPLv2 license. The lt_prediction function in lt_predict.c in FAAD2 2.10.0 and earlier versions is vulnerable to a heap buffer overflow vulnerability. An attacker could exploit this vulnerability t...

CVSS 7.8 | AI score 5 | EPSS 0.00217
Exploits: 1 | References: 1

The Hacker News
added 2021/09/22 3:9 a.m. | 63 views

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics...

CVSS 9.8 | AI score 0.5 | EPSS 0.94457
Exploits: 17

Zero Day Initiative
added 2021/09/22 12:0 a.m. | 50 views

VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 6.3 | EPSS 0.01789
Exploits: 5 | References: 1

CNVD
added 2021/09/18 12:0 a.m. | 16 views

Xiaomi AX3600 Buffer Overflow Vulnerability

Xiaomi AX3600 is a router. Xiaomi AX3600 is vulnerable to a buffer error vulnerability that exists in librsa.so called by the getWifiPwdUrl interface. An attacker could exploit the vulnerability to execute code...

CVSS 9.8 | AI score 4.5 | EPSS 0.00679
Exploits: 0 | References: 1

NCSC
added 2021/09/17 12:0 a.m. | 1 views

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of a number of Dell products. These vulnerabilities allow a local malicious person to be able to access sensitive information and execute arbitrary code. Dell has released updates to fix the vulnerabilities. More information can be found on the pag...

CVSS 8.2 | AI score 6.6 | EPSS 0.00049
Exploits: 0

RedhatCVE
added 2021/09/16 8:45 p.m. | 127 views

CVE-2021-39275

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. Mitigation: Mitigation for this issue is either no...

CVSS 9.8 | AI score 2 | EPSS 0.37674
Exploits: 0 | References: 3

CNVD
added 2021/09/16 12:0 a.m. | 19 views

UReport Arbitrary File Creation Vulnerability

UReport is a high-performance pure Java reporting engine based on the Spring architecture. ureport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9.8 | AI score 5.3 | EPSS 0.00853
Exploits: 1 | References: 1

CNVD
added 2021/09/16 12:0 a.m. | 30 views

Vim Use-After-Free Vulnerability (CNVD-2021-99302)

Vim is a powerful and highly customizable text editor, an improved version of vi that improves upon and adds many features to Vi. Vim version 8.2.3425 is vulnerable to a use-after-free vulnerability. An attacker could exploit this vulnerability to execute code...

CVSS 8.2 | AI score 4.2 | EPSS 0.00125
Exploits: 1 | References: 1

CNVD
added 2021/09/15 12:0 a.m. | 11 views

Siemens STAR-CCM+ Viewer Out-of-Bounds Write Vulnerability

Simcenter STAR-CCM+ is a multi-physics computational fluid dynamics (CFD) software used to simulate products operating under real-world conditions. An out-of-bounds write vulnerability exists in Siemens STAR-CCM+ Viewer, which can be exploited by an attacker to execute code in the context of the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00405
Exploits: 0 | References: 1

CNVD
added 2021/09/11 12:0 a.m. | 30 views

Delta Electronics DOPSoft 2 Out-of-Bounds Write Vulnerability

Delta Electronics DOPSoft is a set of human-machine interface (HMI) software from Delta Electronics in Taiwan, China. An out-of-bounds write vulnerability exists in Delta Electronics DOPSoft 2, which can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8 | AI score 7.7 | EPSS 0.6213
Exploits: 0 | References: 1

CNNVD
added 2021/09/09 12:0 a.m. | 1 views

QNAP NAS Buffer Error Vulnerability

QNAP NAS is an accessible and fast storage solution from QNAP China. A security vulnerability exists in QNAP NAS that stems from a boundary error. A remote, unauthenticated attacker could send a specially crafted request to trigger a stack-based buffer overflow and execute arbitrary code on the...

CVSS 8.8 | AI score 8.8 | EPSS 0.01174
Exploits: 0 | References: 3

NCSC
added 2021/09/09 12:0 a.m. | 2 views

Vulnerabilities fixed in Citrix Hypervisor

Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host and execute arbitrary code. Citrix has released updates to fix the vulnerabilities. More information ca...

CVSS 7.8 | AI score 7.1 | EPSS 0.00136
Exploits: 0

OSV
added 2021/09/08 3:15 p.m. | 1 views

CVE-2021-30717

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code...

CVSS 8.1 | AI score 7 | EPSS 0.00885
Exploits: 0 | References: 3

NVD
added 2021/09/08 2:15 p.m. | 9 views

CVE-2021-30784

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip...

CVSS 7.8 | EPSS 0.00372
Exploits: 0 | References: 3