4202 matches found
Mageia: Security Advisory (MGASA-2021-0256)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)
Mageia: Security Advisory (MGASA-2019-0054)
The remote host is missing an update for the...
log4j security update
0:1.2.14-6.4.1 - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 Orabug: 33689748...
The vulnerability in NETGEAR CBR40, CBR750, EAX20, EAX80, LAX20, MR60, MR80, MS60, MS80, MK62, MK83, R6400, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, RBS850, RS400, XR1000, XR300 is related to insufficient sanitization of input data, allowing attackers to execute arbitrary commands.
The vulnerability in Wi-Fi router firmware from NETGEAR, including models CBR40, CBR750, EAX20, EAX80, LAX20, MR60, MR80, MS60, MS80, MK62, MK83, R6400, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2,...
Design/Logic Flaw
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...
Security Updates for Exchange (January 2022)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary code. (C) Tenable, Inc...
CVE-2022-21960
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability...
Description of the security update for Office 2013: January 11, 2022 (KB5002124)
Summary: This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-21840. Note: To apply thi...
Description of the security update for Excel 2013: January 11, 2022 (KB5002128)
Summary: This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-21840. Note: To apply this...
Description of the security update for SharePoint Server Subscription Edition Language Pack: January 11, 2022 (KB5002110)
Summary: This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
Samsung SMR Security Vulnerability
Samsung Knox Guard is a security solution based on the open-source Android platform from South Korea's Samsung, which can comprehensively enhance security through a combination of physical means and software systems, and is perfectly compatible with the Android and Google ecosystems,...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description: I can create links using the Web links feature. However, since the input value is not URL-encoded, the onfocus and autofocus properties can be used by escaping the properties of the "A" tag using double quotation marks ("). Proof of Concept txt...
VideoOffice Arbitrary File Download and Execution Vulnerability
VideoOffice is Internet video conferencing software. VideoOffice suffers from an arbitrary file download and execution vulnerability that stems from a lack of support for integrity checking. No vulnerability details are available at this time...
CVE-2020-7878
An arbitrary file download and execution vulnerability was found in VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check...
Bentley Systems Bentley View Resource Management Error Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A security vulnerability exists in Bentley View 3DS file parsing, which is caused by not verifying the existence of an object before performing an operation on it. An attacker could exploit this vulnerability to execute code in the context of...
Veritas Enterprise Vault Code Execution Vulnerability (CNVD-2021-95586)
Veritas Enterprise Vault is enterprise-grade file protection and archiving automation software from Veritas, USA. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and earlier versions, where Enterprise Vault application startup launches multiple services that listen for commands...
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:3886-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3886-1 advisory. - The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in...
CVE-2020-29176
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...
Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...