4202 matches found
CVE-2021-32590
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...
The vulnerability of the client_upgrade_edition.php and Upgrade.php components of the QibosoftX1 content management system, related to improper code generation, allows a hacker to execute arbitrary PHP code.
The vulnerability of the client_upgrade_edition.php and Upgrade.php components of the QibosoftX1 content management system is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code...
Debian DLA-2718-1 : intel-microcode - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2718 advisory. This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalati...
CVE-2018-3639
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in the dialog box handling on Windows component of the Chromium...
IBM i2 iBase Code Issue Vulnerability
IBM i2 iBase is a data analysis application from IBM Corporation. The software provides flexible data acquisition and visualization tools for data analysis. i2 iBase has a code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system...
CVE-2019-20467
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available which is not advertised or functionally used, but is nevertheless available. Two backdoor accounts root and default exist that can be used on this...
D-LINK DIR-3040 Trust Management Issue Vulnerability
The D-Link DIR-3040 is a router from AUO D-Link of Taiwan, China. It provides the function of connecting to a network. A trust management issue vulnerability exists in Libcli for D-LINK DIR-3040 1.13B03, which stems from the fact that a specially designed network request can lead to code execution. No detailed...
openSUSE 15 Security Update : rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1759-1 advisory. - A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or...
Siemens Solid Edge Heap Buffer Overflow Vulnerability
Siemens Solid Edge is a group of software tools for dealing with various product development processes: 3D design, simulation, manufacturing and design management. A heap buffer overflow vulnerability exists in Siemens Solid Edge. In the affected application, the PLMXMLADATESE70.DLL library lacks...
Command Execution Vulnerability in qimengcms Backend
qimengcms is a content management system. A command execution vulnerability exists in the qimengcms backend, which can be exploited by an attacker to gain site privileges...
OPENSUSE-SU-2021:1995-1 Security update for xstream
This update for xstream fixes the following issues: Upgrade to 1.4.17 - CVE-2021-29505: Fixed potential code execution when unmarshalling with XStream instances using an uninitialized security framework bsc1186651...
OPENSUSE-SU-2021:1024-1 Security update for openscad
This update for openscad fixes the following issues: - CVE-2020-28600: A specially crafted STL file could lead to code execution via out-of-bounds write in importstl.cc:importstl bsc1185975...
Extreme CMS suffers from a command execution vulnerability (CNVD-2021-52075)
Extreme CMS abbreviation: JIZHICMS is a free and open source PHP website building CMS system. Extreme CMS has a command execution vulnerability that can be exploited by attackers to gain server privileges...
Aruba ClearPass Policy Manager Command Execution Vulnerability (CNVD-2021-50091)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a security vulnerability that allows remote authenticated users to arbitrarily run commands on the underlying host...
CVE-2021-34614
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
Command Execution Vulnerability in TopGate500 at Skyrise Technology Group
Founded in 1995 as the first network security enterprise in China, Skyrun Technology Group has become a leading network security, big data and cloud service provider in China. A command execution vulnerability exists in TopGate500 of Tianrongxin Technology Group, which can be exploited by an...
Command Execution Vulnerability in PatrolFlow Multiservice Security Gateway Intelligent Management Platform of Byzoro Networks (CNVD-2021-51332)
Beijing Byzoro Network Technology Co., Ltd. is a high-tech enterprise dedicated to building the next-generation secure Internet. A command execution vulnerability exists in the PatrolFlow multi-service security gateway intelligent management platform of Byzoro Networks, which can be exploited by...
Command Execution Vulnerability in Internet Behavior Management System of Tianrongxin Technology Group (CNVD-2021-51352)
Skyrise Technology Group is a leading provider of network security, big data and security cloud services in China. A command execution vulnerability exists in the Internet behavior management system of Tianrongxin Technology Group, which can be exploited by an attacker to gain control of a server...
Microsoft Windows Print Spooler Code Execution Vulnerability
Windows Print Spooler is a printer background handler for Windows. A code execution vulnerability exists in Microsoft Windows Print Spooler due to a Windows Print Spooler RpcAddPrinterDriverEx Failure to Properly Execute Privileged File Vulnerability, which allows remote attackers to exploit the...