1834 matches found
Design/Logic Flaw
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device...
Design/Logic Flaw
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code...
Privilege escalation
Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder...
CVE-2021-22735
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device...
CVE-2021-22733
Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder...
CVE-2021-22732
Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server...
CVE-2021-22732
CVE-2021-22732 affects Schneider Electric homeLYnk and spaceLYnk (Wiser For KNX) systems. The vulnerability is described as improper privilege management in homeLYnk/spaceLYnk V2.60 and earlier, enabling code execution if an attacker loads unauthorized code on the web server. Conne...
CVE-2021-27031
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
Code injection
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...
Design/Logic Flaw
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing that file with a...
CVE-2020-28870
CVE-2020-28870 affects InoERP 0.7.2, where lack of validations in /modules/sys/form_personalization/json_fp.php enables an unauthorized attacker to execute arbitrary server-side code. Multiple sources (NVD, Red Hat advisory, other vendor trackers) document remote code execution potential with hig...
New Docker Container Escape Bug Affects Microsoft Azure Functions
Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...
Multiple Vulnerabilities in Zhiyuan OA
Founded in March 2002 and headquartered in Beijing, Beijing Zhiyuan Internet Software Co., Ltd. (Zhiyuan Internet) has always focused on the field of enterprise-level management software, and is a high-tech enterprise integrating product design, research and development, sales and service. The...
About the security content of iOS 14.3 and iPadOS 14.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Apple iOS Security Vulnerability
Apple iOS is a set of operating systems developed for mobile devices by the American company Apple. A security vulnerability exists in Apple iOS 12, where unauthorized code execution may result in a violation of authentication policies. The following products and versions are affected: iPho...
About the security content of watchOS 6.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iOS 12.5 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iOS 12.5
This document describes the security content of iOS 12.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...
SaltStack Salt API Arbitrary Code Execution Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. An input validation vulnerability exists in the SaltStack Salt API that can be exploited by a remote attacker to submit a special request for unauthorized access to arbitrary code...