CVE-2021-46602

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

Schneider Electric Modicon Controllers Improper Access Control (CVE-2018-7847)

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. This plugin only wor...

PT-2021-5538 · Busybox +5 · Busybox +5

Name of the Vulnerable Software and Affected Versions: Busybox affected versions not specified Description: A use-after-free issue in Busybox's awk applet can lead to denial of service and possibly code execution when processing a crafted awk pattern in the getvar s function. The vulnerability is...

SUSE SLES12 Security Update : qemu (SUSE-SU-2021:2813-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2813-1 advisory. - A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and...

openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2789-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2789-1 advisory. - A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6....

CVE-2021-3682

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk...

SUSE: Security Advisory (SUSE-SU-2015:0943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : qemu (ELSA-2021-9285)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9285 advisory. - imx7-ccm: add digprog mmio write method Prasad J Pandit Orabug: 31576552 CVE-2020-15469 - tz-ppc: add dummy read/write methods Prasad J Pandit Orabug...

Debian DSA-4921-1 : nginx - security update

Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

CVE-2021-27384

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...

CVE-2021-26807

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...

EulerOS 2.0 SP3 : gdm (EulerOS-SA-2021-1787)

According to the versions of the gdm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by...

Denial Of Service (DoS)

qemu is vulnerable denial of service in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution...

CVE-2021-27266

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2021-3409

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resultin...

NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2021-0069)

The remote NewStart CGSL host, running version MAIN 6.02, has glibc packages installed that are affected by multiple vulnerabilities: - An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not...

CVE-2021-3404

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service and potentially code execution due to a heap buffer overflow which can be triggered via a crafted file...

CVE-2020-27856

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Moderate: Red Hat Security Advisory: rh-php73-php security, bug fix, and enhancement update

An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2020-16914

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus GDI+ handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it...