Lucene search

1916 matches found

CVE
added 2021/04/28 8:42 p.m. | 48 views

CVE-2020-22790

CVE-2020-22790 is an authenticated stored XSS in Safe FME Server (2019.2 and 2020.0 Beta). The vulnerability arises from allowing an attacker to inject arbitrary script/HTML by modifying a user’s name, with the XSS triggered when an administrator views the logs. The affected product is Safe FME S...

5.4 CVSS | 5.3 AI score | 0.00505 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/04/23 5:27 p.m. | 8 views

CVE-2021-22678

Cscape (all versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process...

7.8 AI score | 0.00407 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/04/22 12:00 a.m. | 8 views

Valve Steam Buffer Overflow Vulnerability

Valve Steam is a suite of game distribution management platforms from Valve Corporation in the United States. The platform provides digital rights management, multiplayer, streaming, and social networking services. A buffer overflow vulnerability exists in Valve Steam version 2021-04-10 and earli...

9 CVSS | 7.9 AI score | 0.06905 EPSS
Exploits: 2 | References: 1
NCSC
added 2021/04/20 12:00 a.m. | 1 views

Vulnerability fixed in x.org

A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to obtain elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...

7.8 CVSS | 7 AI score | 0.00081 EPSS
Exploits: 0
Zero Day Initiative
added 2021/04/15 12:00 a.m. | 51 views

Parallels Desktop Toolgate Directory Traversal Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgat...

8.2 CVSS | 3.3 AI score | 0.00052 EPSS
Exploits: 0 | References: 1
NCSC
added 2021/04/15 12:00 a.m. | 1 views

Vulnerabilities fixed in GitLab CE and EE

GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files to execute arbitrary code with the permissions of the GitLab service. A CVE ID is not yet known for on...

7.5 CVSS | 7.6 AI score | 0.00576 EPSS
Exploits: 0
CNNVD
added 2021/04/14 12:00 a.m. | 1 views

Netgear NETGEAR Buffer Error Vulnerability

Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between them. A security vulnerability exists in the NETGEAR Nighthawk R7800 that could allow a network neighbor attacker to execute arbitrary code on the...

8.8 CVSS | 8.5 AI score | 0.0074 EPSS
Exploits: 0 | References: 3
NVD
added 2021/04/13 2:15 p.m. | 8 views

CVE-2021-22505

Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent...

9.8 CVSS | 0.00884 EPSS
Exploits: 0 | References: 1
Prion
added 2021/04/13 2:15 p.m. | 12 views

Privilege escalation

Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent...

7.5 CVSS | 9.5 AI score | 0.00884 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2021/04/13 12:00 a.m. | 22 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1743)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 7.5 AI score | 0.01753 EPSS
Exploits: 0 | References: 2
CNVD
added 2021/04/02 12:00 a.m. | 4 views

Bosch Video Client Code Issue Vulnerability

Bosch Video Client is an application from the German company Bosch. It is used to display cameras connected to the network in real time. A code issue vulnerability exists in Bosch Video Client, which can be exploited by an attacker to execute arbitrary code on a victim's system...

7.8 CVSS | 7.6 AI score | 0.00061 EPSS
Exploits: 0 | References: 1
Microsoft CVE
added 2021/04/01 7:00 a.m. | 2 views

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

...

7 CVSS | 9.3 AI score | 0.00228 EPSS
Exploits: 0
Tenable Nessus
added 2021/03/30 12:00 a.m. | 44 views

Fedora 33 : rpm (2021-8d52a8a999)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8d52a8a999 advisory. - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

7 CVSS | 6.6 AI score | 0.00228 EPSS
Exploits: 0 | References: 4
CNVD
added 2021/03/25 12:00 a.m. | 7 views

Cisco IOS XE Local Elevation of Privilege Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...

7.2 CVSS | 7.3 AI score | 0.0004 EPSS
Exploits: 0 | References: 1
Ubuntu
added 2021/03/15 9:49 p.m. | 50 views

USN-4814-1: Asterisk vulnerabilities

Richard Mudgett discovered that Asterisk did not properly check the length of input string when setting the user field for PartyB on a CDR. A remote attacker could use this vulnerability to cause a denial of service crash or potentially execute arbitrary code. CVE-2017-16671 Alex Villacis Lasso...

8.8 CVSS | 8.1 AI score | 0.22039 EPSS
Exploits: 0
Ubuntu
added 2021/03/15 8:11 p.m. | 45 views

USN-4769-1: Salt vulnerabilities

It was discovered that Salt allowed remote attackers to write to arbitrary files via a specially crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3563 Andreas Stieger discovered that Salt...

9.8 CVSS | 7.9 AI score | 0.01854 EPSS
Exploits: 0
IBM Security Bulletins
added 2021/03/10 8:50 p.m. | 22 views

Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)

Summary: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with root privileges. Vulnerability Details: CVEID: CVE-2020-4701 DESCRIPTION: I...

8.4 CVSS | 1.9 AI score | 0.0007 EPSS
Exploits: 0 | Affected Software: 1
Metasploit
added 2021/03/05 5:41 p.m. | 95 views

Microsoft Windows RRAS Service MIBEntryGet Overflow

This module exploits an overflow in the Windows Routing and Remote Access Service (RRAS) to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windows Server...

7.8 CVSS | 8 AI score | 0.08421 EPSS
Exploits: 4
CNNVD
added 2021/03/02 12:00 a.m. | 1 views

HCL Domino Security Vulnerability

HCL Domino is application software from the Indian company HCL Software. It provides a platform for application development. A security vulnerability exists in HCL Domino, which can be exploited by an attacker to trigger a buffer overflow, which can lead to a denial of service and potentially...

5.9 AI score
Exploits: 0 | References: 1
NCSC
added 2021/02/26 12:00 a.m. | 2 views

Vulnerabilities fixed in LibTIFF

Vulnerabilities have been fixed in LibTIFF. The vulnerabilities give an unauthenticated remote malicious agent the opportunity to cause a denial of service or potentially execute arbitrary code under user privileges. To do this, the malicious party must induce the victim to open a rogue TIFF file...

7.8 CVSS | 7.7 AI score | 0.0048 EPSS
Exploits: 0