Category Archives: Advisories
ZDI-22-612: Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Post Title
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
CVE-2021-22055
The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
thunderbird-91.8.0-1.fc36
FEDORA-2022-e721e5aebc
Packages in this update:
thunderbird-91.8.0-1.fc36
Update description:
Update to 91.8.0
thunderbird-91.8.0-1.fc35
FEDORA-2022-57f0bf1034
Packages in this update:
thunderbird-91.8.0-1.fc35
Update description:
Update to 91.8.0
thunderbird-91.8.0-1.fc34
FEDORA-2022-585661c82c
Packages in this update:
thunderbird-91.8.0-1.fc34
Update description:
Update to 91.8.0
USN-5374-1: libarchive vulnerability
It was discovered that libarchive incorrectly handled certain archive files.
An attacker could possibly use this issue to expose sensitive information.
CVE-2021-25090
The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded.
CVE-2021-24986
The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting in pages containing a Post Grid with a search form.