2019 matches found

Cvelist
added 2022/02/09 3:17 p.m. | 27 views

CVE-2021-46158

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...

AI score: 8 | EPSS: 0.01661
Exploits: 0 | References: 4
ICS
added 2022/02/08 12:0 a.m. | 2 views

Siemens OpenSSL Vulnerability in Industrial Products

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS: 7.4 | AI score: 7.7 | EPSS: 0.50445
Exploits: 0 | References: 10
CNNVD
added 2022/02/04 12:0 a.m. | 3 views

Korenix Technology Korenix JetWave Security Vulnerability

Korenix Technology Korenix JetWave is a series of wireless access points from Korenix Technology. A security vulnerability exists in Korenix JetWave that stems from the software's lack of authentication of user data. An authenticated user can execute arbitrary code via syscmd.asp...

CVSS: 9 | AI score: 8.4 | EPSS: 0.02167
Exploits: 2 | References: 4
Debian CVE
added 2022/01/31 10:50 a.m. | 19 views

CVE-2021-23521

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00544
Exploits: 1
OpenVAS
added 2022/01/28 12:0 a.m. | 10 views

Mageia: Security Advisory (MGASA-2015-0012)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.13056
Exploits: 4 | References: 4
CISA KEV Catalog
added 2022/01/28 12:0 a.m. | 16 views

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...

CVSS: 10 | AI score: 6.7 | EPSS: 0.88013
In wild | Exploits: 1
OpenVAS
added 2022/01/28 12:0 a.m. | 18 views

Mageia: Security Advisory (MGASA-2015-0029)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.07087
Exploits: 1 | References: 4
CNVD
added 2022/01/26 12:0 a.m. | 19 views

Construction Industry Solutions Conis Construction Cloud Cross-Site Scripting Vulnerability

Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. A cross-site scripting vulnerability exists in Construction Industry Solutions Conis Construction Cloud, which stems from the lack of proper...

CVSS: 6.1 | AI score: 1.8 | EPSS: 0.01085
Exploits: 1 | References: 1
CNVD
added 2022/01/25 12:0 a.m. | 14 views

showdoc cross-site scripting vulnerability

showdoc is an open source tool ideal for IT teams to share documents online. showdoc suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to execute client-side code...

CVSS: 6.5 | AI score: 4.1 | EPSS: 0.00642
Exploits: 1 | References: 1
UbuntuCve
added 2022/01/21 12:0 a.m. | 29 views

CVE-2022-23220

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu,...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00521
Exploits: 1 | References: 2
CNVD
added 2022/01/21 12:0 a.m. | 21 views

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18214)

MySQL Cluster is a highly functional and redundant version of Oracle's MySQL for distributed computing environments. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to execute code in the context of a service account...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.02621
Exploits: 0 | References: 1
RedHat Linux
added 2022/01/17 9:10 a.m. | 3 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.36339
Exploits: 0 | References: 4
OSV
added 2022/01/14 8:15 p.m. | 1 views

CVE-2021-44742

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.05856
Exploits: 0 | References: 1
Prion
added 2022/01/13 10:15 p.m. | 23 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS: 9 | AI score: 9 | EPSS: 0.82258
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/01/11 12:0 a.m. | 4 views

Adobe Acrobat Reader Dc Resource Management Error Vulnerability

Adobe Acrobat Reader Dc is a Pdf reading tool from the American company Adobe. It is used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc suffers from a resource management error vulnerability, which stems from a post-release usage error when processing PDF files. A...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.11546
Exploits: 0 | References: 5
CNNVD
added 2022/01/11 12:0 a.m. | 4 views

Adobe Acrobat and Reader Resource Management Error Vulnerability

Adobe Reader also known as Acrobat Reader is a PDF file reader software developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has a resource management error vulnerability, which can be exploited by remote attackers to Creating specially crafted PDF...

CVSS: 9.3 | AI score: 6.1 | EPSS: 0.16497
Exploits: 0 | References: 5
CNVD
added 2022/01/07 12:0 a.m. | 19 views

Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability (CNVD-2022-02806)

Sourcecodester Vehicle Service Management System is an open source PHP project. Sourcecodester Vehicle Service Management System has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers t...

CVSS: 4.8 | AI score: 3.5 | EPSS: 0.01142
Exploits: 1 | References: 1
CNVD
added 2022/01/06 12:0 a.m. | 19 views

CodeIgniter code issues vulnerabilities

CodeIgniter is an open source Web framework written in PHP. CodeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...

CVSS: 9.8 | AI score: 4.4 | EPSS: 0.37671
Exploits: 0 | References: 1
CNNVD
added 2022/01/05 12:0 a.m. | 4 views

SonicWall SonicOS Buffer Error Vulnerability

Sonicwall SonicOS is an operating system designed for SonicWall firewall appliances from SonicWall USA. A security vulnerability exists in SonicWall SonicOS that originates from a boundary error in the system's handling of HTTP Content-Length response headers. A remote, unauthenticated attacker...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.01939
Exploits: 0 | References: 3
NVD
added 2022/01/04 10:15 p.m. | 15 views

CVE-2021-22045

VMware ESXi 7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG, VMware Workstation 16.2.0 and VMware Fusion 12.2.0 contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able t...

CVSS: 7.8 | EPSS: 0.04681
Exploits: 0 | References: 3