CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

PT-2021-6114 · Tp Link · Tp-Link Ac1750

Name of the Vulnerable Software and Affected Versions: TP-Link AC1750 version 1.1.4 Build 20211022 rel.591035553 Description: The issue is related to a read past the end of an allocated buffer in the NetUSB.ko module, which can be exploited by network-adjacent attackers to execute arbitrary code ...

NETGEAR R6260 安全漏洞

NETGEAR R6260 is a router device. A security vulnerability exists in NETGEAR R6260 routers, which stems from the device's failure to properly validate the length of user-supplied data before copying it to a fixed-length buffer, which could be exploited by an attacker to execute code in the root...

CVE-2021-34862

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webpr...

Cisco SD-WAN Security Bug Allows Root Code Execution

Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could lead to arbitrary code execution. Cisco’s SD-WAN portfolio allows businesses of all sizes to connect disparate office locations via the cloud using various...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

Siemens SINEC NMS 代码问题漏洞

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. a code issue vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows the upload of JSON objects deserialized t...

Cisco Anyconnect Secure Mobility Client 竞争条件问题漏洞

Cisco Anyconnect Secure Mobility Client is a VPN client software for secure connectivity from Cisco. The Cisco AnyConnect Secure Mobility Client suffers from a Competitive Condition Issue vulnerability that arises from a competitive condition during signature verification of shared library files...

NETGEAR R7800 缓冲区错误漏洞

The NETGEAR R7800 is a wireless router from NETGEAR. The NETGEAR R7800 suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data, which could result in a write beyond the end of the allocated data structure. An attacker could exploit this...

Siemens Desigo CC 操作系统命令注入漏洞

Siemens Desigo CC is an open building management platform from Siemens, Germany.GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform.Operation Scheduler is a tool that enables security...

XeroSecurity Sn1per 安全漏洞

XeroSecurity Sn1per is a persistent attack surface management ASM platform. A security vulnerability exists in XeroSecurity Sn1per version 9.0 that stems from an application execution with insecure permissions set 0777 that allows an unprivileged user to modify the application, modules and...

Vulnerability fixed in Apple iOS, iPadOS and macOS

A vulnerability has been fixed in iOS, iPadOS and macOS. A malicious party could potentially exploit the vulnerability to execute arbitrary code under root privileges. Apple indicates that this vulnerability may be actively abused being exploited. Apple has released updates to fix the...

Fortinet FortiManager和Fortinet FortiAnalyzer 资源管理错误漏洞

Fortinet FortiManager and Fortinet FortiAnalyzer are both products from Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains...

The vulnerability of the cmd_subsys.php component of the Nagios Fusion software, a visualization tool for IT infrastructure monitoring, allows a attacker to escalate their privileges or execute arbitrary code with root rights.

The vulnerability of the cmdsubsys.php component of the Nagios Fusion software, a visualization tool for IT infrastructure monitoring, is related to the lack of measures for cleaning input data. Exploiting this vulnerability can allow an attacker to increase their privileges or execute arbitrary...

Vulnerabilities fixed in the linux kernel

Canonical has fixed a number of vulnerabilities in the Linux kernel. The vulnerabilities allow an authenticated malicious person able to cause a denial-of-service, or potentially execute arbitrary code with root privileges. The vulnerabilities are known to be exploitable only locally or through...

CVE-2021-1538

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...

CVE-2021-22908

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default...

CVE-2021-1509

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1511

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...

PT-2021-5238 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R11.4 Description: A buffer overflow issue exists, allowing a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room data. This can be exploited ...