This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
It was discovered that virglrenderer incorrectly handled memory. An
attacker inside a guest could use this issue to cause virglrenderer to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0135)
It was discovered that virglrenderer incorrectly initialized memory. An
attacker inside a guest could possibly use this issue to obtain sensitive
host information. (CVE-2022-0175)
Posted by YEUNG, Tsz Ko on Feb 28
Hi all,
I would like to disclose a vulnerability that I just found today.
Details below:
Vulnerable Software and Version:
1. Rufus 3.17.1846 executable
2. Rufus 3.17.1846 portable executable
Vulnerable software download link:
https://rufus.ie/en/
https://github.com/pbatard/rufus/releases/tag/v3.17
Date discovered and reported:
25 Feb 2022
Description:
Both Rufus 3.17.1846 executable AND portable executable are suffering from DLL…
Posted by YEUNG, Tsz Ko on Feb 28
Hi all,
I would like to disclose a vulnerability that I just found today.
Details below:
Vulnerable Software and Version:
1. Rufus 3.17.1846 executable
2. Rufus 3.17.1846 portable executable
Vulnerable software download link:
https://rufus.ie/en/
https://github.com/pbatard/rufus/releases/tag/v3.17
Date discovered and reported:
25 Feb 2022
Description:
Both Rufus 3.17.1846 executable AND portable executable are suffering from DLL…
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)
Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)
It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)
It was discovered that QEMU incorrectly handled bulk transfers from SPICE
clients. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-3682)
It was discovered that the QEMU UAS device emulation incorrectly handled
certain stream numbers. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 21.10.
(CVE-2021-3713)
It was discovered that the QEMU virtio-net device incorrectly handled
certain buffer addresses. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-3748)
It was discovered that the QEMU SCSI device emulation incorrectly handled
certain MODE SELECT commands. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2021-3930)
It was discovered that the QEMU ACPI logic incorrectly handled certain
values. An attacker inside the guest could possibly use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only affected
Ubuntu 21.10. (CVE-2021-4158)
Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that the QEMU
virtiofsd device incorrectly handled permissions when creating files. An
attacker inside the guest could use this issue to create files inside the
directory shared by virtiofs with unintended permissions, possibly allowing
privilege escalation. This issue only affected Ubuntu 21.10.
(CVE-2022-0358)
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
