5838 matches found
Vaadin Cross-Site Scripting Vulnerability
Vaadin is an open source platform for web application development from Finnish company Vaadin. The Vaadin platform consists of a set of web components, a Java web framework, and a set of tools and application launchers. The Vaadin platform includes a set of web components, a Java web...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The WordPress Flat Preloader plugin has a cross-site scripting vulnerability in versions prior to 1.5.5 that stems from...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The WordPress WP Sitemap Page plugin has a cross-site scripting vulnerability in versions prior to 1.7.0, which stems from ...
FreeBSD : chromium -- multiple vulnerabilities (976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec)
Chrome Releases reports: This release contains 8 security fixes, including: - 1259864 High CVE-2021-37997: Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14 - 1259587 High CVE-2021-37998: Use after free in Garbage Collection. Reported by Cassidy Kim of Amber...
Huawei Emui and Magic UI Unauthorized File Access Vulnerability
Huawei Emui is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. An unauthorized file access vulnerability exists in Huawei Emui and Magic UI that originates from a network system or product that does not properly validate...
Chromium: CVE-2021-37999 Insufficient data validation in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome New Tabs Data Validation Insufficient Vulnerability
Chrome is a simple and efficient web browsing tool developed by Google. Versions prior to Google Chrome 95.0.4638.69 are vulnerable to insufficient data validation in new tabs. A remote attacker could inject arbitrary script or HTML into a new browser tab via a crafted HTML page...
Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker...
Folder Lock Cross-Site Scripting Vulnerability
Folder Lock is a perfect data security application from NewSoftwares, Inc. Folder Lock v3.4.5 is vulnerable to cross-site scripting, which stems from the "Create Folder" function under the "Create" module lacking a data validation filter for user-supplied data and output. An...
ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Fuji Electric Tellus Lite V-Simulator X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SolarWinds Patch Manager WSAsyncExecuteTasks Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSAsyncExecuteTasks endpoint. The issue results from the lack of proper...
Stable Channel Update for Desktop
The Stable channel has been updated to 95.0.4638.69 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by...
Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP...
Adobe Animate GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF...
NETGEAR R6260 Security Vulnerability
NETGEAR R6260 is a router device. A security vulnerability exists in NETGEAR R6260 routers, which stems from the device's failure to properly validate the length of user-supplied data before copying it to a fixed-length buffer, which could be exploited by an attacker to execute code in the root...
Adobe Animate SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Animate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Google Chrome < 95.0.4638.69 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 95.0.4638.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202110stable-channel-update-for-desktop28 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69...