
2019 matches found

CNVD
added 2021/09/18 12:00 a.m., 17 views

Xiaomi AX3600 Buffer Overflow Vulnerability

Xiaomi AX3600 is a router. Xiaomi AX3600 has a buffer error vulnerability in librsa.so, which is called by the getWifiPwdUrl interface. An attacker could exploit the vulnerability to execute code...

CVSS 9.8, AI score 4.5, EPSS 0.01889
Exploits: 0, References: 1
NCSC
added 2021/09/17 12:00 a.m., 3 views

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of a number of Dell products. These vulnerabilities allow a local malicious person to access sensitive information and execute arbitrary code. Dell has released updates to fix the vulnerabilities. More information can be found on the pag...

CVSS 8.2, AI score 6.6, EPSS 0.00241
Exploits: 0
RedhatCVE
added 2021/09/16 8:45 p.m., 129 views

CVE-2021-39275

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. Mitigation: Mitigation for this issue is either no...

CVSS 9.8, AI score 2, EPSS 0.36339
Exploits: 0, References: 3
CNVD
added 2021/09/16 12:00 a.m., 19 views

UReport Arbitrary File Creation Vulnerability

UReport is a high-performance pure Java reporting engine based on the Spring architecture. UReport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9.8, AI score 5.3, EPSS 0.01724
Exploits: 1, References: 1
CNVD
added 2021/09/16 12:00 a.m., 31 views

Vim use-after-free vulnerability (CNVD-2021-99302)

Vim is a powerful and highly customizable text editor, an improved version of vi that improves upon and adds many features to vi. Vim version 8.2.3425 is vulnerable to a use-after-free vulnerability. An attacker could exploit this vulnerability to execute code...

CVSS 8.2, AI score 4.2, EPSS 0.01626
Exploits: 1, References: 1
CNVD
added 2021/09/15 12:00 a.m., 12 views

Siemens STAR-CCM+ Viewer Out-of-Bounds Write Vulnerability

Simcenter STAR-CCM+ is multi-physics computational fluid dynamics (CFD) software used to simulate products operating under real-world conditions. An out-of-bounds write vulnerability exists in Siemens STAR-CCM+ Viewer, which can be exploited by an attacker to execute code in the context of the...

CVSS 7.8, AI score 7.7, EPSS 0.01293
Exploits: 0, References: 1
CNVD
added 2021/09/11 12:00 a.m., 31 views

Delta Electronics DOPSoft 2 Out-of-Bounds Write Vulnerability

Delta Electronics DOPSoft is a set of human-machine interface (HMI) software from Delta Electronics in Taiwan, China. An out-of-bounds write vulnerability exists in Delta Electronics DOPSoft 2, which can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8, AI score 7.7, EPSS 0.77892
Exploits: 0, References: 1
CNNVD
added 2021/09/09 12:00 a.m., 4 views

QNAP NAS Buffer Error Vulnerability

QNAP NAS is an accessible and fast storage solution from QNAP China. A security vulnerability exists in QNAP NAS that stems from a boundary error. A remote, unauthenticated attacker could send a specially crafted request to trigger a stack-based buffer overflow and execute arbitrary code on the...

CVSS 8.8, AI score 8.8, EPSS 0.00898
Exploits: 0, References: 3
NCSC
added 2021/09/09 12:00 a.m., 2 views

Vulnerabilities fixed in Citrix Hypervisor

Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host and execute arbitrary code. Citrix has released updates to fix the vulnerabilities. More information ca...

CVSS 7.8, AI score 7.1, EPSS 0.00381
Exploits: 0
OSV
added 2021/09/08 3:15 p.m., 3 views

CVE-2021-30717

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code...

CVSS 8.1, AI score 7, EPSS 0.01955
Exploits: 0, References: 3
NVD
added 2021/09/08 2:15 p.m., 15 views

CVE-2021-30784

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip...

CVSS 7.8, EPSS 0.00316
Exploits: 0, References: 3
NVD
added 2021/08/25 7:15 p.m., 16 views

CVE-2021-33015

Cscape (all versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8, EPSS 0.00995
Exploits: 0, References: 1
NVD
added 2021/08/19 4:15 p.m., 20 views

CVE-2021-31338

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute their own code on the device...

CVSS 7.8, EPSS 0.00242
Exploits: 0, References: 1
NCSC
added 2021/08/19 12:00 a.m., 3 views

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows a malicious party located within the victim's network to execute arbitrary code by providing a specially prepared image. Fortinet has released updates to fix the vulnerability. More information can be found on the page...

CVSS 8.8, AI score 7.5, EPSS 0.00761
Exploits: 0
CNVD
added 2021/08/18 12:00 a.m., 29 views

Adobe XMP Toolkit SDK Arbitrary Write Vulnerability

Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file, called metadata, into the file itself. Adobe XMP Toolkit SDK 2020.1 and earlier versions are vulnerable to arbitrary writes. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 4, AI score 5.1, EPSS 0.006
Exploits: 0, References: 1
Tenable Nessus
added 2021/08/18 12:00 a.m., 295 views

openSUSE 15 Security Update : rpm (openSUSE-SU-2021:2682-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds...

CVSS 7, AI score 6.6, EPSS 0.01706
Exploits: 0, References: 11
Tenable Nessus
added 2021/08/13 12:00 a.m., 33 views

SUSE SLED15 / SLES15 Security Update : rpm (SUSE-SU-2021:2682-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-boun...

CVSS 7, AI score 6.6, EPSS 0.01706
Exploits: 0, References: 11
Tenable Nessus
added 2021/08/10 12:00 a.m., 34 views

Beckhoff Twincat Incorrect Default Permissions

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

CVSS 6, AI score 3.1, EPSS 0.00839
Exploits: 0, References: 2
CNNVD
added 2021/08/10 12:00 a.m., 5 views

Magento Commerce Cross-Site Scripting Vulnerability

Magento Commerce aims to provide a first-class shopping experience without the need for developer support. Magento Commerce suffers from a cross-site scripting vulnerability that exists due to insufficient sanitization of user-supplied data. A remote attacker can exploit this vulnerability to inject an...

CVSS 6.5, AI score 6.5, EPSS 0.0136
Exploits: 0, References: 4
Prion
added 2021/08/04 6:15 p.m., 28 views

Design/Logic Flaw

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more...

CVSS 9, AI score 8.7, EPSS 0.09065
Exploits: 0, References: 1, Affected Software: 1