Command Execution Vulnerability in Xiaodu Route AV Version

Xiaodu Router is a smart router product launched by Baidu, which can transmit cloud data at will and support remote download of audio and video resources. Xiaodu Router AV version has a command execution vulnerability, which can be exploited by attackers to obtain server control privileges...

SUSE-SU-2021:14758-1 Security update for microcode_ctl

This update for microcodectl fixes the following issues: Updated to Intel CPU Microcode 20210525 release: - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. bsc1179833 - CVE-2020-24511:...

BlueCMS suffers from a command execution vulnerability (CNVD-2021-48546)

BlueCMS is a portal system applied to local classified information, the development language architecture is php mysql architecture. BlueCMS has a command execution vulnerability that can be exploited by an attacker to gain control of the server...

BlueCMS suffers from a command execution vulnerability (CNVD-2021-48545)

BlueCMS is a portal system applied to local classified information, the development language architecture is php mysql architecture. BlueCMS has a command execution vulnerability that can be exploited by an attacker to gain control of the server...

CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection FPVI allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox.. This vulnerability...

CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection FPVI allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox.. This vulnerability...

Type confusion

A transient execution vulnerability, named Floating Point Value Injection FPVI allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox.. This vulnerability...

CVE-2021-29955

The CVE-2021-29955 FPVI vulnerability affects Mozilla Firefox and Firefox ESR, described as a transient execution flaw that could leak arbitrary memory addresses and potentially enable JIT type confusion. Affected versions include Firefox ESR < 78.9 and Firefox

CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection FPVI allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox.. This vulnerability...

Command Execution Vulnerability in Tianrongxin Technology Group Reporter

Tianrongxin Technology Group is a leading provider of network security, big data and cloud services in China. A command execution vulnerability exists in Tianrongxin Technology Group Reporter, which can be exploited by attackers to gain control of the server...

Command Execution Vulnerability in DCME-520 of Beijing Digital China Yunko Information Technology Co.

DCME-520 is a new-generation high-performance Internet egress gateway launched by Digital China Networks Co., Ltd. using a multi-core high-performance processor, combined with a dedicated ASIC switching chip, to meet the business needs of large-capacity number of users, multi-traffic flow, and...

Microsoft 3D Viewer 3MF Code Execution Vulnerability

Microsoft 3D Viewer is a 3D modeling tool developed by Microsoft. A use-after-release vulnerability exists in Microsoft 3D Viewer 3MF processing, which can be exploited by an attacker to submit a special file request that can be tricked into being parsed by the user, which can cause the applicati...

Jinan Ai Cheng Network Technology Co., Ltd. iWebShop open source mall system with command execution vulnerabilities

iWebShop open source mall system is a PHP language and MYSQL database based on the development of B2B2C single-user and multi-user open source free mall system . Jinan Ai Cheng Network Technology Co., Ltd. iWebShop open source mall system there is a command execution vulnerability , attackers can...

Command Execution Vulnerability in Various Cameras of Shenzhen Qiaoan Technology Co.

Ltd, founded in 2010 in Shenzhen, is a "Qiaoan" as the core brand, mainly engaged in video security smart home product development, production, marketing, service in one of the national high-tech enterprises. Ltd. A number of cameras exist command execution vulnerability, attackers can use the...

SUSE-SU-2021:1995-1 Security update for xstream

This update for xstream fixes the following issues: Upgrade to 1.4.17 - CVE-2021-29505: Fixed potential code execution when unmarshalling with XStream instances using an uninitialized security framework bsc1186651...

MGASA-2021-0263 Updated gsoap packages fix security vulnerabilities

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability CVE-2020-13574. A denial-of-service vulnerability exists in...

OPENSUSE-SU-2021:0876-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. INTEL-SA-00465 bsc1179833 See...

OpenText Brava! 缓冲区错误漏洞

OpenText Brava! Desktop is a browser-based universal document viewer from OpenText Opentext Canada. The product supports viewing, annotating and editing many types of documents. A security vulnerability exists in OpenText Brava! Desktop that stems from the program's lack of proper validation of...

Updated microcode packages fix security vulnerabilities

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Incomplete cleanup in some IntelR VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2020-24489. Improper isolation ...

SUSE SLES15 Security Update : ucode-intel (SUSE-SU-2021:1932-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1932-1 advisory. - Incomplete cleanup in some IntelR VT-d products may allow an authenticated user to potentially enable escalation of privilege via...