Security Advisories & Alerts

CVE-2021-3156-Heap-based buffer overflow in Sudo

DESCRIPTIONSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character: IMPACTA heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to...

Read More


Multiple Vulnerabilities in Siemens Solid Edge Could Lead to Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ Solid Edge,the most severe of which could allow for arbitrary code execution in thecontext of the system process. Solid Edge is used for designing andviewing 2D and 3D models. Depending on the privileges associated withthe application, an attacker could view, change, or delete data. If thisapplication has been configured to have fewer user rights on the system,exploitation of...

Read More


Multiple Vulnerabilities in Siemens JT2Go and Teamcenter Visualization

DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ JT2Go andTeamcenter Visualization products, the most severe of which could allowfor arbitrary code execution in the context of the system process. JT2Goand Teamcenter Visualization are used for viewing 3D models. Dependingon the privileges associated with the application, an attacker couldview, change, or delete data. If this application has been configured tohave fewer user rights on the system, exploitation...

Read More


Critical Patches Issued for Microsoft Products, January 12, 2021

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution. Successfulexploitation of the most severe of these vulnerabilities could result inan attacker gaining the same privileges as the logged-on user. Dependingon the privileges associated with the user, an attacker could theninstall programs; view, change, or delete data; or create new accountswith full user rights. Users whose accounts...

Read More


A Vulnerability in Adobe Photoshop Could Allow for Arbitrary Code Execution (APSB21-01)

DESCRIPTION:A vulnerability has been discovered in Adobe Photoshop which could allowfor arbitrary code execution. Photoshop is Adobe’s flagship imageediting software. Successful exploitation of this vulnerability couldallow for arbitrary code execution. Depending on the privilegesassociated with the user an attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.Users whose accounts are configured to have fewer user rights on...

Read More


Page 40 of 132« First...102030...3839404142...506070...Last »