CVE-2021-33015

Cscape All Versions prior to 9.90 SP5 lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-31338

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device...

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows a malicious party located within the victim's network is able to execute arbitrary code by providing a specially prepared image. Fortinet has released updates to fix the vulnerability. More information can be found on the page...

Adobe XMP Toolkit SDK Arbitrary Write Vulnerability

Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself.Adobe XMP Toolkit SDK 2020.1 and earlier versions are vulnerable to arbitrary writes. An attacker could exploit this vulnerability to execute arbitrary code...

openSUSE 15 Security Update : rpm (openSUSE-SU-2021:2682-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds...

SUSE SLED15 / SLES15 Security Update : rpm (SUSE-SU-2021:2682-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-boun...

Beckhoff Twincat Incorrect Default Permissions

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

Magento Commerce跨站脚本漏洞

Magento Commerce is to provide a first-class shopping experience without the need for developer support. Magento Commerce suffers from a cross-site scripting vulnerability that exists due to insufficient cleaning of user-supplied data. A remote attacker can exploit this vulnerability to inject an...

Design/Logic Flaw

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service DoS condition Execute arbitrary commands For more...

Vulnerabilities fixed in Adobe After Effects

Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to access gain access to system data, or execute arbitrary code with the application's permissions. To do this, the malicious party must trick the victim into opening a rogue file...

Medium: rpm

Issue Overview: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highes...

Siemens Jt2go and Siemens Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2021-53347)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of the German company Siemens. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds read vulnerability...

Siemens JT2Go and Teamcenter Visualization Post-Release Reuse Vulnerability

Siemens Jt2go is a JT file viewer.Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. A post-release reuse vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...

CVE-2021-34315

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an...

Default credentials

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an...

Default credentials

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The Tiffloader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an...

Adobe Acrobat 资源管理错误漏洞

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

CVE-2021-32538 ARTWARE CMS - Unrestricted Upload of File

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly...

Advisory ROSA-SA-2021-1828

Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp / gnus / gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...

Apple macOS AppleIntelKBLGraphics IOCTL 0x20006 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling ...