1919 matches found

OpenVAS
added 2022/01/28 12:0 a.m., 18 views

Mageia: Security Advisory (MGASA-2015-0029)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.3, EPSS 0.04258
Exploits: 1, References: 4

OpenVAS
added 2022/01/28 12:0 a.m., 10 views

Mageia: Security Advisory (MGASA-2015-0012)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.5, EPSS 0.26583
Exploits: 4, References: 4

CISA KEV Catalog
added 2022/01/28 12:0 a.m., 14 views

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...

CVSS 10, AI score 6.7, EPSS 0.84024
In wild, Exploits: 1

CNVD
added 2022/01/26 12:0 a.m., 19 views

Construction Industry Solutions Conis Construction Cloud Cross-Site Scripting Vulnerability

Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. A cross-site scripting vulnerability exists in Construction Industry Solutions Conis Construction Cloud, which stems from the lack of proper...

CVSS 6.1, AI score 1.8, EPSS 0.00397
Exploits: 1, References: 1

CNVD
added 2022/01/25 12:0 a.m., 14 views

showdoc cross-site scripting vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to execute client-side code...

CVSS 6.5, AI score 4.1, EPSS 0.00195
Exploits: 1, References: 1

UbuntuCve
added 2022/01/21 12:0 a.m., 29 views

CVE-2022-23220

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu,...

CVSS 7.8, AI score 7.6, EPSS 0.00103
Exploits: 1, References: 2

CNVD
added 2022/01/21 12:0 a.m., 19 views

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18214)

MySQL Cluster is a highly functional and redundant version of Oracle's MySQL for distributed computing environments. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to execute code in the context of a service account...

CVSS 6.3, AI score 6.3, EPSS 0.11434
Exploits: 0, References: 1

RedHat Linux
added 2022/01/17 9:10 a.m., 3 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes() of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8, AI score 7.4, EPSS 0.37674
Exploits: 0, References: 4

OSV
added 2022/01/14 8:15 p.m., 0 views

CVE-2021-44742

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

CVSS 5.5, AI score 7.2
Exploits: 0, References: 1

Prion
added 2022/01/13 10:15 p.m., 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 9, AI score 9, EPSS 0.20456
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/01/11 12:0 a.m., 2 views

Adobe Acrobat Reader DC Resource Management Error Vulnerability

Adobe Acrobat Reader DC is a PDF reading tool from the American company Adobe. It is used to reliably view, print and annotate PDF documents. Adobe Acrobat Reader DC suffers from a resource management error vulnerability, which stems from a use-after-free error when processing PDF files. A...

CVSS 7.8, AI score 6.2, EPSS 0.12685
Exploits: 0, References: 5

CNNVD
added 2022/01/11 12:0 a.m., 3 views

Adobe Acrobat and Reader Resource Management Error Vulnerability

Adobe Reader (also known as Acrobat Reader) is PDF file reader software developed by Adobe. Adobe Acrobat is PDF editing software developed by Adobe. Adobe Acrobat/Reader has a resource management error vulnerability, which can be exploited by remote attackers by creating specially crafted PDF...

CVSS 9.3, AI score 6.1, EPSS 0.06899
Exploits: 0, References: 5

CNVD
added 2022/01/07 12:0 a.m., 19 views

Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability (CNVD-2022-02806)

Sourcecodester Vehicle Service Management System is an open source PHP project. Sourcecodester Vehicle Service Management System has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the web application, which can be exploited by attackers t...

CVSS 4.8, AI score 3.5, EPSS 0.00598
Exploits: 1, References: 1

CNVD
added 2022/01/06 12:0 a.m., 18 views

CodeIgniter code issues vulnerabilities

CodeIgniter is an open source web framework written in PHP. CodeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...

CVSS 9.8, AI score 4.4, EPSS 0.09938
Exploits: 0, References: 1

CNNVD
added 2022/01/05 12:0 a.m., 4 views

SonicWall SonicOS Buffer Error Vulnerability

SonicWall SonicOS is an operating system designed for SonicWall firewall appliances from SonicWall USA. A security vulnerability exists in SonicWall SonicOS that originates from a boundary error in the system's handling of HTTP Content-Length response headers. A remote, unauthenticated attacker...

CVSS 8.8, AI score 7.7, EPSS 0.01365
Exploits: 0, References: 3

NVD
added 2022/01/04 10:15 p.m., 14 views

CVE-2021-22045

VMware ESXi 7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG, VMware Workstation 16.2.0 and VMware Fusion 12.2.0 contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able t...

CVSS 7.8, EPSS 0.00408
Exploits: 0, References: 3

Cvelist
added 2022/01/04 2:31 p.m., 21 views

CVE-2021-45979

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API...

AI score 8.1, EPSS 0.02332
Exploits: 0, References: 3

Prion
added 2021/12/21 7:15 p.m., 13 views

Out-of-bounds

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability...

CVSS 6.8, AI score 7.5, EPSS 0.00418
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/12/21 5:5 p.m., 9 views

CVE-2021-36336

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system...

CVSS 9.8, AI score 9.8, EPSS 0.03055
Exploits: 0, References: 1

IBM Security Bulletins
added 2021/12/17 4:55 a.m., 102 views

Security Bulletin: Log4JShell Vulnerability affects Watson Knowledge Catalog InstaScan (CVE-2021-44228)

Summary: There is a vulnerability in the version of Apache Log4j that was included in Watson Knowledge Catalog InstaScan. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2021-44228. DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

CVSS 10, AI score 1.5, EPSS 0.94358
Exploits: 341, Affected Software: 1