IBM Security Secret Server buffer error vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. IBM Security Secret Server suffers from a buffer overflow vulnerability tha...
Dell BIOSConnect feature buffer error vulnerability
Dell BIOSConnect is a base platform from Dell USA that enables the BIOS to connect to Dell's HTTP backend and load images via the HTTP method. A buffer error vulnerability exists in the Dell BIOSConnect feature that allows a malicious administrator user with local access to the system to run...
Autodesk Design Review resource management error vulnerability
Autodesk Design Review (ADR) is a suite of AutoCAD drawing assistance software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. Autodesk Design Review is vulnerable to a resource management error that could be...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...
Ec-cube cross-site scripting vulnerability (CNVD-2021-46277)
Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...
CVE-2021-32948
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (all versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-servic...
CVE-2021-31486
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2021-26995
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code...
Netapp E-Series SANtricity OS Controller Software security vulnerability
Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from NetApp, Inc. A security vulnerability exists that could be exploited by a privileged attacker to execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2013:1807-1)
The remote host is missing an update for the...
Default credentials
A vulnerability has been identified in Simcenter Femap 2020.2 All versions V2020.2.MP3, Simcenter Femap 2021.1 All versions V2021.1.MP3. The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an...
OpenText Brava! Desktop Untrusted Pointer Dereference Vulnerability
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An untrusted pointer dereference vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from failure to properly...
Schneider Electric homeLYnk and spaceLYnk security vulnerability
The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric, France. An input validation security vulnerability exists in the Schneider Electric spaceLYnk, which can be exploited by a remote attacker to submit a special request that can be used in the context of an...
RSA Archer cross-site scripting vulnerability
RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...
Apple Boot Camp buffer error vulnerability
Apple Boot Camp is an application from Apple USA. It is a utility program that comes with a Mac and allows you to switch between macOS and Windows. Apple Boot Camp suffers from a buffer error vulnerability that stems from a boundary error. A local user can run a specially designed program to trigge...
Siemens Solid Edge Untrustworthy Pointer Reference Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. An untrustworthy pointer reference vulnerability exists in Siemens Solid Edge. The vulnerability is due to the application lacking proper validation of user-supplied data when parsing PRT files. An attacker can exploit the vulnerabili...
CVE-2020-23996
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data...
CVE-2021-31899
In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode...
CVE-2021-31446
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Parallels Desktop OTG Heap Buffer Overflow Vulnerability
Parallels Desktop is a virtual machine software that runs on Mac computers. A heap buffer overflow vulnerability exists in the Open Tools Gate component in Parallels Desktop version 15.1.5-47309. The vulnerability stems from a failure to properly validate the length of user-supplied data before...