1921 matches found

Source Incite
added 2022/02/25 12:0 a.m., 69 views

SRC-2022-0006 : VMware Workspace ONE Access OAuth2TokenResourceController ACS Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2TokenResourceController class. The issue results...

CVSS 9.8, AI score 9.7, EPSS 0.70112
Exploits: 1

NCSC
added 2022/02/21 12:0 a.m., 2 views

Vulnerabilities fixed in Cobbler

The Cobbler project has fixed two vulnerabilities. A local malicious party can exploit the vulnerabilities to view configuration files or locally execute arbitrary code under the application's permissions. A third vulnerability was also found, CVE-2021-45081. There are...

CVSS 7.8, AI score 8, EPSS 0.00217
Exploits: 1

OSV
added 2022/02/18 8:15 p.m., 0 views

CVE-2021-46651

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 5.5, AI score 5
Exploits: 0, References: 2

Cvelist
added 2022/02/18 7:52 p.m., 14 views

CVE-2022-24366

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 9.5, EPSS 0.0066
Exploits: 0, References: 2

NVD
added 2022/02/16 5:15 p.m., 13 views

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVSS 6.7, EPSS 0.00109
Exploits: 0, References: 1

Zero Day Initiative
added 2022/02/16 12:0 a.m., 30 views

Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8, AI score 5.1, EPSS 0.0014
Exploits: 0, References: 1

Github Security Blog
added 2022/02/15 12:41 a.m., 44 views

Arbitrary Code Execution in Docker

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

CVSS 7.5, AI score 7.2, EPSS 0.05856
Exploits: 0, References: 10, Affected Software: 1

CNVD
added 2022/02/14 12:0 a.m., 26 views

TP-Link TL-WR940N Buffer Overflow Vulnerability

TP-Link TL-WR940N is a wireless router from China P&L TP-Link. The TP-Link TL-WR940N suffers from a buffer overflow vulnerability that stems from a lack of proper validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer. An attacker could...

CVSS 8.8, AI score 9, EPSS 0.00374
Exploits: 0, References: 1

Prion
added 2022/02/10 6:15 p.m., 19 views

Authentication flaw

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned softwa...

CVSS 7.5, AI score 9.6, EPSS 0.02182
Exploits: 0, References: 1, Affected Software: 4

NVD
added 2022/02/10 5:15 p.m., 14 views

CVE-2021-41445

A reflected cross-site scripting attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to execute code in the device of the victim by sending a specific URL to the unauthenticated victim...

CVSS 6.1, EPSS 0.00443
Exploits: 0, References: 4

CNVD
added 2022/02/10 12:0 a.m., 8 views

Bentley MicroStation CONNECT Out-of-Bounds Write Vulnerability (CNVD-2022-30766)

Bentley MicroStation CONNECT is a CAD software platform for 2D and 3D design and drafting from Bentley Systems, U.S.A. An out-of-bounds write vulnerability exists in Bentley MicroStation CONNECT, which could be exploited by an attacker to trigger, via crafted data in a PN image an out-of-bounds...

CVSS 7.8, AI score 3.2, EPSS 0.00621
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 21 views

Bentley Systems Bentley View Resource Management Error Vulnerability (CNVD-2022-77007)

Bentley Systems Bentley View is a free viewer from Bentley Systems, Inc. Bentley Systems Bentley View is vulnerable to a resource management error that could be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 3.1, EPSS 0.0066
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 21 views

Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16161)

Bentley Systems MicroStation is a CAD software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 7.9, EPSS 0.00621
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 30 views

Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-15815)

Bentley Systems MicroStation is a CAD software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 7.9, EPSS 0.00621
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 32 views

Bentley Systems Bentley View Buffer Overflow Vulnerability (CNVD-2022-15835)

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 7.8, EPSS 0.00621
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 17 views

Bentley Systems Bentley View Buffer Overflow Vulnerability (CNVD-2022-15834)

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 7.8, EPSS 0.00621
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 23 views

Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16159)

Bentley Systems MicroStation is a CAD software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 7.9, EPSS 0.00621
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 17 views

Bentley Systems Bentley View Resource Management Error Vulnerability (CNVD-2022-77006)

Bentley Systems Bentley View is a free viewer from Bentley Systems, Inc. A resource management error vulnerability exists in Bentley Systems Bentley View, which originally failed to verify the existence of an object before performing further free operations on the object, and could be exploited b...

CVSS 7.8, AI score 2.9, EPSS 0.0066
Exploits: 0, References: 1

Cvelist
added 2022/02/09 3:17 p.m., 12 views

CVE-2021-46158

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The affected application contains a stack-based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...

AI score 8, EPSS 0.01242
Exploits: 0, References: 4

ICS
added 2022/02/08 12:0 a.m., 1 views

Siemens OpenSSL Vulnerability in Industrial Products

RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS 7.4, AI score 7.7, EPSS 0.0046
Exploits: 0, References: 10