CVE-2021-21898
A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21900
A code execution vulnerability exists in the dxfRW::processLType functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-40391
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
LibreCad libdxfrw dxfRW::processLType() use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1351 LibreCad libdxfrw dxfRW::processLType use-after-free vulnerability November 17, 2021 CVE Number CVE-2021-21900 SUMMARY A code execution vulnerability exists in the dxfRW::processLType functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A...
Mozilla Firefox Security Advisory (MFSA2011-52) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Description of the security update for Office Web Apps Server 2013: November 9, 2021 (KB5002065)
Description of the security update for Office Web Apps Server 2013: November 9, 2021 KB5002065 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-40442. Not...
Description of the security update for Excel 2016: November 9, 2021 (KB5002056)
Description of the security update for Excel 2016: November 9, 2021 KB5002056 Summary This security update resolves a Microsoft Excel remote code execution vulnerability and Microsoft Excel security feature bypass vulnerability. To learn more about the vulnerabilities, see the following security...
Mozilla Firefox Security Advisory (MFSA2021-10) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-10. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Fortinet FortiWeb Command Execution Vulnerability
Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of web applications and protect sensitive database content. A...
Oracle Shipping Execution Information Disclosure Vulnerability (CNVD-2025-02855)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. An information disclosure vulnerability exists in...
Command Execution Vulnerability in Neusoft Firewall
Neusoft Group Corporation is a software technology-based company with business focus on smart city, healthcare, smart car connectivity, and software products and services. A command execution vulnerability exists in Neusoft Firewall, which can be exploited by attackers to execute arbitrary comman...
CVE-2021-40994
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
Microsoft Word Code Execution Vulnerability (CNVD-2025-17491)
Microsoft Word is a word processing application in the Office suite from the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2021-40462 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
...
CVE-2021-40189
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/Theme Folder, where an attacker can access and execute arbitrary code...
PT-2021-23244 · Unknown · Ecoa Bas Controller
Name of the Vulnerable Software and Affected Versions: ECOA BAS controller affected versions not specified Description: The ECOA BAS controller is affected by an arbitrary file write and path traversal issue. Unauthenticated attackers can exploit this by using POST parameters to set arbitrary...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2021-76088)
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs in the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS that stems from the failure of the website field of the product's podcast comment feature to properly...
CVE-2021-33035
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Task Manager. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...