A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
An OGNL injection vulnerability in Confluence Server and Data Center allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
The Canon TR150 print driver is vulnerable to a privilege escalation issue. During the add printer process an attacker can overwrite a DLL and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges.
The password input field in the "/auth/" and "/auth/change" endpoints of Cisco HyperFlex HX Installer Virtual Machine allow an unauthenticated attacker to execute systems commands as root.
A path traversal vulnerability in Apache HTTP server may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
This vulnerability is a bypass of CVE-2021-41773.
This vulnerability is a bypass of CVE-2021-41773.
A combination of a path confusion that leads to an authentication bypass (ACL), an elevation of privilege and an arbitrary file write vulnerability, allows unauthenticated attackers to execute commands with SYSTEM privileges in Microsoft Exchange Server.
CVE-2021-40449 is a use-after-free vulnerability in Win32k's NtGdiResetDC function. As with many other Win32k vulnerabilities, the root cause of this vulnerability lies in the ability to set user-mode callbacks and execute unexpected API functions during execution of those callbacks. The CVE-2021-40449 is triggered when the function ResetDC is executed a second time for the same handle during execution of its own callback.
This is a critical vulnerability in the MSHTML rendering engine. Microsoft Office applications use the MSHTML engine to process and display web content. An adversary who successfully exploits could achieve full control over a target system by using malicious ActiveX controls to execute arbitrary code.
This Update contains the following improvements:
-Default Connection method was changed to HTTPS
-Early Release Warning was removed
-Several "Application Name" in "Supported systems" property were added
-Added html obfuscation when possible to avoid AV detection
-All file names are randomized
-Now users can choose between using cab file method or not
This Update contains the following improvements:
-Default Connection method was changed to HTTPS
-Early Release Warning was removed
-Several "Application Name" in "Supported systems" property were added
-Added html obfuscation when possible to avoid AV detection
-All file names are randomized
-Now users can choose between using cab file method or not
A path traversal vulnerability in Apache HTTP server may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
A remote code execution vulnerability exists in OMI. An unauthenticated, remote attacker can exploit this flaw by sending a specially crafted request to a vulnerable service over a publicly accessible remote management port.