487 matches found
CVE-2021-22397
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files lack verification when they are called. Attackers can exploit this vulnerability by performing these files to cause a privilege escalation attack. This can compromise normal service...
Sourcegraph Information Disclosure Vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. in the United States. Sourcegraph suffers from a security vulnerability that stems from the fact that the site administration area can be accessed by a normal user, with all information and functionality properly...
QSAN Storage Manager Directory Traversal Vulnerability (CNVD-2021-50943)
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A directory traversal vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and earlier versions, which can be exploited by an attacker to traverse files in an arbitrary directory...
DEBIAN-CVE-2020-28598
An out-of-bounds write vulnerability exists in the Admesh stlfixnormaldirections functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2020-28598
An out-of-bounds write vulnerability exists in the Admesh stlfixnormaldirections functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
PrusaSlicer Buffer Error Vulnerability
PrusaSlicer is a 3D printing data processing software. A security vulnerability exists in the Admesh stlfixnormaldirections function of Prusa Research PrusaSlicer 2.2.0 and Master, which originates from an out-of-bounds write. An attacker can trigger code execution by supplying a specially crafte...
QSAN Storage Manager Security Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A directory traversal vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and earlier versions, which can be exploited by an attacker to traverse files in an arbitrary directory...
QSAN Storage Manager Security Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A directory traversal vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and earlier versions, which can be exploited by an attacker with normal user privileges to traverse file...
CVE-2021-22368
There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device...
CVE-2021-29958
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...
CVE-2021-22377
There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious...
ZTE ZXHN H168N Information Disclosure Vulnerability
The ZTE ZXHN H168N is a router from China's ZTE Corporation ZTE. The ZTE ZXHN H168N 3.5.0EG1T4TE suffers from an information disclosure vulnerability that originates from improper privilege settings, which can be exploited by an attacker with normal user privileges to obtain some sensitive user...
Looking Ahead: The Post-Pandemic Security Landscape
One year into the pandemic, our team at Trend Micro discussed the lasting impact that Covid-19 will have on people’s way of life and what a post-pandemic “new normal” might look like...
Shared Cookie
Firefox uses a shared cookie. The vulnerability exists due to having the address bar search suggestions in private browsing mode session data from normal mode...
github firefox-ios Information Disclosure Vulnerability
github firefox-ios is a github open source application. Firefox for iOS is provided. An information disclosure vulnerability exists in github firefox-ios, which stems from the application outputting too much data during private browsing. When a client initiates a download, it does not check wheth...
GHSA-4P4P-WWW8-8FV9 Reference binding to null in `ParameterizedTruncatedNormal`
Impact: An attacker can trigger undefined behavior by binding to null pointer in tf.raw_ops.ParameterizedTruncatedNormal: python import tensorflow as tf shape = tf.constant, shape=0, dtype=tf.int32 means = tf.constant1, dtype=tf.float32 stdevs = tf.constant1, dtype=tf.float32 minvals = tf.constant1...
Bitdefender Endpoint Security Tool Security Vulnerability
Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in versions prior to Bitdefender Endpoint Security Tools 6.6.23.320, which stems from the presence of improper access control that allows a normal user...
PYSEC-2021-694
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.raw_ops.ParameterizedTruncatedNormal. This is because the...