3218 matches found
Design/Logic Flaw
IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...
The vulnerability in the imap/util.c component of the Mutt and NeoMutt email clients arises from reading data beyond the allowed buffer size. This allows an attacker to access confidential data and also cause service interruptions.
The vulnerability in the imap/util.c component of the Mutt and NeoMutt email clients is related to incorrect handling of the IMAP sequence set, which ends with a semicolon. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...
The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of validation for XML object sequences, allowing attackers to execute arbitrary SQL commands.
The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using specially crafted HTTP requests...
Siemens SIMATIC Security Feature Issue Vulnerability
The LOGO! CMR family is a communication system for monitoring and controlling distributed devices and systems via text messages or e-mail. Siemens SIMATIC RTU3000C is a compact, low-power remote terminal unit (RTU) from Siemens, Germany, for energy self-sufficiency. A vulnerability in the...
CVE-2021-40147
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198...
The vulnerability of the implementations of the ISN generators for TCP/IP NicheLite and InterNiche allows attackers to perform spoofing attacks.
The vulnerability of the ISN generator implementations for TCP/IP NicheLite and InterNiche is related to the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
CVE-2020-35685
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing...
Fortinet FortiManager and Fortinet FortiAnalyzer Environment Issue Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet, Inc. Fortinet FortiAnalyzer is a centralized network security reporting solution that allows for centralized management of any number of Fortinet devices and the ability to group devices into different...
OESA-2021-1293 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka...
The vulnerability in the fs/seq_file.c component of Linux operating systems allows a hacker to increase their privileges.
The vulnerability of the fs/seq_file.c component in Linux operating systems is related to writing beyond the buffer boundaries of memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
NCH Axon PBX Path Traversal Vulnerability
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The NCH Axon PBX has a security vulnerability that could be exploited to send a constructed URL request to the logdelete function, which contains the "dot-dot" sequence in the file parameter /... /. to vie...
kernel: size_t-to-int conversion vulnerability in the filesystem layer
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the filesystem layer. This flaw allows a local attacker with user privileges to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information, and can allow privilege escalation. The issue results...
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)
The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. Abou...
PT-2021-1515
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.16 through 5.13.x before 5.13.4. Description: The issue is related to an integer overflow and out-of-bounds write in the Linux kernel's filesystem layer, specifically in the fs/seq_file.c component. This can be exploite...
Remote code execution
A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...