125 matches found
PT-2023-12762 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue was discovered that allows execution of commands. The "/BrowseFiles.php" API endpoint is vulnerable to a POST request with a cmd parameter set to "ssh" a...
CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added five security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from a security vulnerability th...
SUSE CVE-2016-4246
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4172,...
CVE-2022-43422
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
In yet another case of bring your own vulnerable driver BYOVD attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...
Unchecked Call Return Value
Lines of code Vulnerability details Impact The return value of a message call is not checked. Execution will resume even if the called contract throws an exception. If the call fails accidentally or an attacker forces the call to fail, this may cause unexpected behaviour in the subsequent program...
Solana Rbpf 安全漏洞
Solana Rbpf is a Rust Virtual Machine and Jit compiler for Ebpf programs from the Solana Foundation in Switzerland. A security vulnerability in Solana Rbpf versions 0.2.26 and 0.2.27, which stems from improper execution of the sdiv command, can be exploited by an attacker to cause severe...
CVE-2021-46603
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Design/Logic Flaw
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions CVE-2020-7878. This issue is due to missing support for integrity check...
CVE-2020-7880
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX...
Github merge 安全漏洞
Github merge is a simple npm package that merges many sources into a target. merge suffers from a security vulnerability that can be exploited by an attacker for remote code execution...
hw: information disclosure on some Intel Atom processors
A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow ...
Import loops in account imports, nats-server DoS
This advisory is canonically Problem Description An export/import cycle between accounts could crash the nats-server, after consuming CPU and memory. This issue was fixed publicly in in November 2020. The need to call this out as a security issue was highlighted by snyk.io and we are grateful for...
Microsoft Excel 代码注入漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system with the privileges of the victim...
迈克菲 McAfee Total Protection 权限许可和访问控制问题漏洞
McAfee Total Protection MTP is a one-stop security suite. An arbitrary process execution vulnerability exists in McAfee Total Protection versions prior to 16.0.30. An attacker could exploit this vulnerability to bypass the MTP self-defense by elevating privileges and executing arbitrary code...
Scullyio Scully 注入漏洞
Scullyio Scully is a Typescript-based software for building Angular applications organized by Scullyio.Scully pre-renders every page in the application as plain HTML and CSS.To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...
A flaw was found in the fix for CVE-2019-11135 in the Linux upstream kernel versions before 5.5 where the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0) but is not affected by the MDS issue (MDS_NO=1) the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.
...
Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC products are world-class high-end management software for group enterprises. A command execution vulnerability exists in UFIDA NC, which can be exploited by attackers to gain server control privileges...
Cybozu Desktop for Windows vulenerable to arbitrary code execution
Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...