2019 matches found
The vulnerability of the Adobe Photoshop CC graphic editor, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Photoshop CC graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to gain access to system data, or execute arbitrary code with the application's permissions. To do this, the malicious party must trick the victim into opening a rogue file...
Medium: rpm
Issue Overview: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highes...
Siemens JT2Go and Teamcenter Visualization Use-After-Free Vulnerability
Siemens JT2Go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. A use-after-free vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...
Siemens JT2Go and Siemens Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2021-53347)
Siemens JT2Go and Siemens Teamcenter Visualization are both products of the German company Siemens. Siemens JT2Go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds read vulnerability...
CVE-2021-34315
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an...
Default credentials
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiffloader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an...
Default credentials
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an...
Adobe Acrobat Resource Management Error Vulnerability
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is affected by a use-after-free vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2021-32538 ARTWARE CMS - Unrestricted Upload of File
The image upload function parameter of ARTWARE CMS does not filter the type of uploaded files, which allows remote attackers to upload arbitrary files without logging in and further execute code unrestrictedly...
Advisory ROSA-SA-2021-1828
Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...
IBM Security Secret Server Buffer Error Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. IBM Security Secret Server suffers from a buffer overflow vulnerability tha...
Apple macOS AppleIntelKBLGraphics IOCTL 0x20006 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling ...
Dell BIOSConnect Feature Buffer Error Vulnerability
Dell BIOSConnect is a base platform from Dell USA that enables the BIOS to connect to Dell's HTTP backend and load images via the HTTP method. A buffer error vulnerability exists in the Dell BIOSConnect feature that allows a malicious administrator user with local access to the system to run...
Autodesk Design Review Resource Management Error Vulnerability
Autodesk Design Review (ADR) is a suite of auxiliary software for AutoCAD drawings from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. Autodesk Design Review is vulnerable to a resource management error that could be...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...
CVE-2021-32948
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-servic...
Ec-cube cross-site scripting vulnerability (CNVD-2021-46277)
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...
CVE-2021-31486
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2021-26995
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code...