Nodejs Dll hijacking vulnerability

Node.js is an open source and cross-platform JavaScript runtime environment. nodejs suffers from a Dll hijacking vulnerability, which can be exploited by attackers to inject malicious dlls into nodejs and execute code within Nodejs...

SAP Business One client 注入漏洞

SAP Business One is the German SAP SAP company's set of financial management, operations management and human resources management and other functions of enterprise management software. A code injection vulnerability exists in SAP Business One, which can be exploited by a remote attacker to submi...

Piwigo 代码注入漏洞

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A code injection vulnerability exists in Piwigo version 11.5.0, which can be exploited by an attacker to execute code...

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges...

Apple iOS and iPadOS Buffer Overflow Vulnerability

Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges...

CVE-2022-1824

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

Oracle Linux 8 : olcne (ELSA-2022-9494)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9494 advisory. 1.4.5-1 - Address qemu CVE-2022-26353, CVE-2021-3748 Tenable has extracted the preceding description block directly from the Oracle Linux security...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2083-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2083-1 advisory. - An issue was discovered in the Linux kernel before 5.0.6. In rxqueueaddkobject and netdevqueueaddkobject in net/core/net-sysfs.c,...

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in several Microsoft Office products. The table below lists the vulnerabilities that have been fixed by Microsoft with the corresponding CVSSv3 scores. Misuse of the vulnerabilities in SharePoint requires prior authentication. Abuse of the vulnerabilities in Excel...

Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability

The Universal 3D U3D component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service DoS...

Microsoft Office Object Record Corruption Vulnerability

Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object...

UBUNTU-CVE-2022-1652

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the badflpintr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...

CVE-2022-21831

A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments...

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service DoS via a crafted website...

CVE-2021-42704

Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code...

Out-of-bounds

Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code...

CVE-2021-42704 Inkscape Out-of-bounds Write

Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code...

ROS-20220518-01

A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that Bypasses the existing browser hint and inherits top-level permissions improperly The...

Formidable arbitrary file upload

Withdrawn: This advisory was improperly assigned. An arbitrary file upload vulnerability in formidable v3.2.4 allows attackers to execute arbitrary code via a crafted filename...