5963 matches found

CNNVD
added 2022/01/05 12:0 a.m. · 3 views

Daybyday CRM Cross-Site Scripting Vulnerability

DayByDay CRM is an open source CRM Customer Relationship Management software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. A cross-site scripting vulnerability exists in DayByDay CRM. The vulnerability stems from the title field of a new task in the product...

CVSS 5.4 · AI score 5.5 · EPSS 0.00206
Exploits 0 · References 2

Microsoft KB
added 2022/01/04 12:0 a.m. · 3 views

January 4, 2022, update for Project 2016 (KB4504713)

January 4, 2022, update for Project 2016 KB4504713 This article describes update 4504713 for Microsoft Project 2016 that was released on January 4, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

AI score 6.3
Exploits 0

OSV
added 2022/01/01 1:15 a.m. · 1 views

DEBIAN-CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CVSS 5.5 · AI score 7.1 · EPSS 0.00454
Exploits 1 · References 1

ATTACKERKB
added 2022/01/01 1:15 a.m. · 3 views

CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CVSS 5.5 · AI score 5.8 · EPSS 0.00454
Exploits 1 · References 17

OSV
added 2022/01/01 1:15 a.m. · 0 views

UBUNTU-CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CVSS 5.5 · AI score 7.5 · EPSS 0.00454
Exploits 1 · References 4

Positive Technologies
added 2022/01/01 12:0 a.m. · 5 views

PT-2025-8051

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been identified, related to the ath11k module. The issue causes frames flush failure due to a deadlock, resulting in warnings such as "failed to...

CVSS 5.5 · AI score 6.2 · EPSS 0.00007
Exploits 0

Positive Technologies
added 2022/01/01 12:0 a.m. · 3 views

PT-2025-8655

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A memory corruption issue in the VF driver of the Linux kernel has been resolved. The issue occurred when the VF driver assumed that the VF was disabled while it still had queues...

CVSS 7.8 · AI score 6.4 · EPSS 0.00024
Exploits 0

Positive Technologies
added 2021/12/31 12:0 a.m. · 2 views

PT-2021-6086 · Openexr +2

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.1.0 through 3.1.3 Description: The issue is related to a heap-based buffer overflow in the Imf_3_1::LineCompositeTask::execute function, which can be called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread ...

CVSS 9.8 · AI score 6.3 · EPSS 0.93171
Exploits 6 · References 120

CNVD
added 2021/12/30 12:0 a.m. · 32 views

Celery Command Injection Vulnerability

celery is an open source package for distributed task queues. A command injection vulnerability exists in celery versions prior to 5.2.2, which can be exploited by an attacker to access or somehow manipulate metadata in the celery backend, triggering a stored command injection vulnerability...

CVSS 7.5 · AI score 7.6 · EPSS 0.01396
Exploits 1 · References 1

Tenable Nessus
added 2021/12/30 12:0 a.m. · 43 views

openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1635-1 advisory. - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code...

CVSS 10 · AI score 8.2 · EPSS 0.01293
Exploits 3 · References 74

CNVD
added 2021/12/28 12:0 a.m. · 18 views

ZTE Big Video Analysis Product Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in ZTE Big Video Analysis Product, a large video analytics product from ZTE Corporation China, which stems from an attacker with normal user privileges gaining unauthorized access to ZTE Big Video Analysis Product due to improper management of timed...

CVSS 7.8 · AI score 3.8 · EPSS 0.00043
Exploits 0 · References 1

OSV
added 2021/12/27 7:15 p.m. · 4 views

CVE-2021-21750

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access...

CVSS 7.8 · AI score 5.8 · EPSS 0.00043
Exploits 0 · References 1

NVD
added 2021/12/27 7:15 p.m. · 12 views

CVE-2021-21750

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access...

CVSS 7.8 · EPSS 0.00043
Exploits 0 · References 1

Prion
added 2021/12/27 7:15 p.m. · 12 views

Privilege escalation

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access...

CVSS 4.6 · AI score 7.8 · EPSS 0.00043
Exploits 0 · References 1 · Affected Software 1

CVE
added 2021/12/27 6:48 p.m. · 48 views

CVE-2021-21750

CVE-2021-21750 affects ZTE BigVideo Analysis Product. The vulnerability is an elevation of privilege due to improper management of the timed task modification privilege, enabling an attacker with ordinary user permissions (local access) to gain unauthorized access. Exploit status is not detailed ...

CVSS 7.8 · AI score 7.8 · EPSS 0.00043
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/12/27 6:48 p.m. · 12 views

CVE-2021-21750

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access...

AI score 8.1 · EPSS 0.00043
Exploits 0 · References 1

Veeam
added 2021/12/27 12:0 a.m. · 18 views

Object Properties Collection Task finishes with the "fail" status when VMware Site Recovery Manager is used for monitored vCenter server(s)

Challenge: When one or more federated SSO vCenter Servers joined to VMware Site Recovery Manager are added to Veeam ONE, the Object Properties Collection Task may complete with a "fail" status. Correlated with the task completion time, an entry in the Event Logs will display "An item with the same...

AI score 6.9
Exploits 0 · Affected Software 1

CNNVD
added 2021/12/27 12:0 a.m. · 3 views

ZTE Big Video Analysis Product Permissions, Privileges, and Access Control Vulnerability

An elevation of privilege vulnerability exists in ZTE Big Video Analysis Product, a large video analytics product from ZTE Corporation China, which stems from an attacker with normal user privileges gaining unauthorized access to ZTE Big Video Analysis Product due to improper management of timed...

CVSS 7.8 · AI score 5.5 · EPSS 0.00043
Exploits 0 · References 2

Zero Day Initiative
added 2021/12/23 12:0 a.m. · 26 views

Veritas Enterprise Vault EVTaskGuardian Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVTaskGuardian.exe. The issue results from the lack of proper validation of...

CVSS 9.8 · AI score 3.6 · EPSS 0.00656
Exploits 0 · References 1

Oracle linux
added 2021/12/22 12:0 a.m. · 89 views

kernel security and bug fix update

4.18.0-348.7.15.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVSS 4.7 · AI score 6.4 · EPSS 0.00019
Exploits 0