
182 matches found

OSV
added 2021/04/02 6:15 p.m. · 3 views

CVE-2021-1746

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution...

CVSS 7.8 · AI score 6 · EPSS 0.01082
Exploits 0 · References 4

BDU FSTEC
added 2021/03/25 12:0 a.m. · 3 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to errors in processing XML requests, which allows a hacker to execute arbitrary code.

Vulnerability of the software platform for developing and managing online stores Magento Commerce. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with access rights as an administrator to the console...

CVSS 9.1 · AI score 8.2 · EPSS 0.03269
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2021/03/11 12:0 a.m. · 1 view

The vulnerability of the virtual learning environment Moodle, related to deficiencies in the processing of input characters, allows a violator to trigger a service failure.

The vulnerability in the virtual learning environment Moodle is related to deficiencies in the processing of input characters when sending messages. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 5.3 · AI score 6.6 · EPSS 0.01377
Exploits 0 · References 5 · Affected Software 1

NCSC
added 2021/03/05 12:0 a.m. · 7 views

Vulnerabilities fixed in Joomla

Several vulnerabilities have been fixed in Joomla. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); manipulation of data; circumvention of security measure. The vulnerability with...

CVSS 9.1 · AI score 6.7 · EPSS 0.06529
Exploits 2

OSV
added 2021/01/13 10:15 p.m. · 3 views

CVE-2021-1131

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. The vulnerability is due to missing checks when Cisco Discovery Protocol messages are...

CVSS 4.3 · AI score 5.8 · EPSS 0.00498
Exploits 0 · References 1

Prion
added 2020/10/21 3:15 p.m. · 16 views

Design/Logic Flaw

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."...

CVSS 7.5 · AI score 9.3 · EPSS 0.01234
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2020/10/21 12:0 a.m. · 2 views

PT-2020-5183 · Cisco · Cisco Data Center Network Manager +1

Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (DCNM) Software (affected versions not specified); Cisco Firepower Management Center (FMC) (affected versions not specified). Description: The issue is related to insufficient path restriction enforcement in a certain...

CVSS 8.1 · AI score 7 · EPSS 0.00793
Exploits 0 · References 8

RedHat Linux
added 2020/10/19 5:2 p.m. · 4 views

kernel: net: bluetooth: type confusion while processing AMP packets

A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a...

CVSS 8.8 · AI score 7 · EPSS 0.07756
Exploits 5 · References 11

BDU FSTEC
added 2020/09/11 12:0 a.m. · 5 views

The vulnerability of the Cisco Jabber Client Framework for Windows software, related to data processing flaws, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Jabber Client Framework for Windows software is related to data processing flaws. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 6.8 · EPSS 0.01854
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2020/09/11 12:0 a.m. · 1 view

The vulnerability of the Cisco Jabber Client Framework for Windows software, related to data processing flaws, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Jabber Client Framework for Windows software is related to data processing flaws. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 6.4 · EPSS 0.01267
Exploits 0 · References 2 · Affected Software 1

RedHat Linux
added 2020/07/15 11:6 a.m. · 3 views

dotnet: XML source markup processing remote code execution

It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...

CVSS 7.8 · AI score 7.7 · EPSS 0.9603
Exploits 10 · References 5

BDU FSTEC
added 2020/05/29 12:0 a.m. · 3 views

The vulnerability of Cisco Aironet Access Points of models 1540 and 1800, related to improper processing of client packets sent to the vulnerable access point, allows a perpetrator to cause service failure.

The vulnerability of Cisco Aironet Access Points models 1540 and 1800 relates to the improper processing of client packets sent to the vulnerable access points. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted packets...

CVSS 7.4 · AI score 6.9 · EPSS 0.00458
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2020/04/22 12:0 a.m. · 2 views

The vulnerability of SQLite’s data processing mechanism in Google Chrome browsers allows attackers to gain unauthorized access to confidential data.

The vulnerability of SQLite data processing mechanism in Google Chrome browsers is related to reading data from buffer files beyond their allowable limits. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data through a created HTML page...

CVSS 7.1 · AI score 7.2 · EPSS 0.01711
Exploits 0 · References 10 · Affected Software 6

BDU FSTEC
added 2020/03/25 12:0 a.m. · 2 views

The vulnerability of the Microsoft Internet Information Server (IIS) operating system on Windows allows a perpetrator to execute a type of attack known as “cross-site scripting attacks”.

The vulnerability of the Microsoft Internet Information Server (IIS) operating systems on Windows is related to incorrect processing of request headers. Exploiting this vulnerability allows a malicious actor to execute a type of attack known as “cross-site request forgery” by sending specially...

CVSS 7.8 · AI score 7.3 · EPSS 0.03809
Exploits 0 · References 2

CNVD
added 2020/03/10 12:0 a.m. · 1 view

WPS Office Campus Edition suffers from a DLL hijacking vulnerability

WPS Office Campus Edition is for campuses, teachers, students and other educational users, adding the team function of cloud documents, adding LaTeX formulas, geometric diagrams, mind maps and other professional drawing tools, combining with AI technology, adding thesis checking, super resume,...

AI score 7.1
Exploits 0

OSV
added 2020/02/17 8:15 p.m. · 2 views

CVE-2020-1857

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local...

CVSS 5.5 · AI score 6.1 · EPSS 0.00207
Exploits 0 · References 1

Zero Day Initiative
added 2020/01/03 12:0 a.m. · 19 views

Cisco Data Center Network Manager getDiscoveredDeviceCount hostname SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8 · AI score 3.8 · EPSS 0.46935
Exploits 10 · References 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 2 views

The vulnerability of the Azure App Services component of the Azure Stack software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Azure App Services component of the Azure Stack software platform exists due to errors in memory object processing. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the NT AUTHORITY/SYSTEM context remotely...

CVSS 10 · AI score 5.9 · EPSS 0.17833
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2019/10/24 12:0 a.m. · 4 views

Sourcecodester Restaurant Management System Code Issue Vulnerability

Sourcecodester Restaurant Management System is a restaurant management system. A code issue vulnerability exists in version 1.0 of the Sourcecodester Restaurant Management System, which arises from a failure of the program to properly process user-submitted input and can be exploited by an attack...

CVSS 8.8 · AI score 7.7 · EPSS 0.0173
Exploits 1 · References 1

Zero Day Initiative
added 2019/10/15 12:0 a.m. · 24 views

Adobe Acrobat Pro DC DST File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

CVSS 7.8 · AI score 4.2 · EPSS 0.03637
Exploits 0 · References 1