5838 matches found

Tenable Nessus
added 2021/10/28 12:00 a.m., 99 views

Google Chrome < 95.0.4638.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 95.0.4638.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202110stable-channel-update-for-desktop28 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69...

9.6 CVSS, 7.8 AI score, 0.36238 EPSS
Exploits: 5, References: 17

FreeBSD
added 2021/10/28 12:00 a.m., 57 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 8 security fixes, including: [1259864] High CVE-2021-37997: Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14. [1259587] High CVE-2021-37998: Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security La...

9.6 CVSS, 0.4 AI score, 0.36238 EPSS
Exploits: 5, References: 1

Zero Day Initiative
added 2021/10/28 12:00 a.m., 31 views

ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of D...

7.8 CVSS, 4.6 AI score, 0.01696 EPSS
Exploits: 0, References: 1

Code423n4
added 2021/10/27 12:00 a.m., 8 views

Lack of data validation in update function

Handle: Koustre. Vulnerability details. Impact: There is no data validation of the data input into update function in MochiCSSRv0.sol. Allowing anyone to set the price of any non ERC20 token that is not a bluechip asset DAI, WETH, ETH, etc. Proof of Concept: Provide direct links to all referenced code...

7 AI score
Exploits: 0

CNNVD
added 2021/10/25 12:00 a.m., 2 views

Nextcloud Code Issue Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Contacts application prior to version 4.0.3 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side...

6.4 CVSS, 5.6 AI score, 0.00504 EPSS
Exploits: 0, References: 4

CNNVD
added 2021/10/22 12:00 a.m., 2 views

Automated Logic WebCTRL System Cross-Site Scripting Vulnerability

Automated Logic WebCTRL System 6.5 is an application from Automated Logic, Inc. It provides integrated alarm management and predictive HVAC planning. A cross-site scripting vulnerability exists in Automated Logic WebCTRL/WebCTRL OEM web, which stems from a lack of proper validation of client-side...

6.1 CVSS, 6.1 AI score, 0.10509 EPSS
Exploits: 4, References: 6

CNNVD
added 2021/10/22 12:00 a.m., 3 views

Csdn App Cross-Site Scripting Vulnerability

Csdn App is an IT community software for cell phones from CN Beijing Innovative Lezhi Network Technology Csdn. Csdn APP suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data by the WEB application. An attacker can exploit this vulnerability...

6.1 CVSS, 6.1 AI score, 0.00606 EPSS
Exploits: 0, References: 3

NVD
added 2021/10/21 7:15 p.m., 18 views

CVE-2021-41159

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (/gt:rpc) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue h...

8.8 CVSS, 0.01346 EPSS
Exploits: 0, References: 3

CNVD
added 2021/10/21 12:00 a.m., 5 views

IBM QRadar Advisor with Watson Cross-Site Scripting Vulnerability

IBM QRadar Advisor with Watson is a suite of security threat analysis solutions from IBM USA. The product includes features such as security threat response and threat probing. A security vulnerability exists in IBM QRadar Advisor with Watson, which stems from the lack of proper validation of...

6.1 CVSS, 6.7 AI score, 0.00632 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/10/21 12:00 a.m., 2 views

Alfresco Cross-Site Scripting Vulnerability

Alfresco is an open source enterprise content management system. The platform's pages are developed using Freemarker, and its main features include document management, collaboration, records management, knowledge base management, Web content management and so on. Alfresco has a security vulnerabilit...

5.4 CVSS, 5.8 AI score, 0.00534 EPSS
Exploits: 0, References: 3

Zero Day Initiative
added 2021/10/21 12:00 a.m., 29 views

Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Management API. The issue results from the lack of proper validation of the...

9.8 CVSS, 4.1 AI score, 0.88497 EPSS
Exploits: 0, References: 1

Prion
added 2021/10/20 7:15 a.m., 15 views

Memory corruption

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

7.2 CVSS, 7.5 AI score, 0.00154 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/10/19 12:00 a.m., 3 views

IBM QRadar Advisor with Watson Cross-Site Scripting Vulnerability

IBM QRadar Advisor with Watson is a suite of security threat analysis solutions from IBM USA. The product includes features such as security threat response and threat probing. A security vulnerability exists in IBM QRadar Advisor with Watson, which stems from the lack of proper validation of...

6.1 CVSS, 5.8 AI score, 0.00632 EPSS
Exploits: 0, References: 4

CNNVD
added 2021/10/19 12:00 a.m., 2 views

IBM Security Risk Manager on Cp4S Security Vulnerability

IBM Security Risk Manager on Cp4S is a security risk manager from IBM USA. A security vulnerability exists in IBM Security Risk Manager on Cp4S, which stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute...

4.9 CVSS, 6 AI score, 0.00506 EPSS
Exploits: 0, References: 3

OSV
added 2021/10/18 1:15 p.m., 1 views

CVE-2021-38426

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code...

7.8 CVSS, 7.3 AI score, 0.00912 EPSS
Exploits: 0, References: 1

OSV
added 2021/10/18 1:15 p.m., 2 views

CVE-2021-38442

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process...

7.8 CVSS, 7.3 AI score, 0.00912 EPSS
Exploits: 0, References: 1

OSV
added 2021/10/18 1:15 p.m., 2 views

CVE-2021-38434

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code...

7.8 CVSS, 7.3 AI score, 0.00912 EPSS
Exploits: 0, References: 1

NVD
added 2021/10/18 1:15 p.m., 14 views

CVE-2021-38426

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code...

7.8 CVSS, 0.00912 EPSS
Exploits: 0, References: 1

Prion
added 2021/10/18 1:15 p.m., 10 views

Default credentials

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code...

6.8 CVSS, 7.8 AI score, 0.00912 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/10/18 12:39 p.m., 45 views

CVE-2021-38436

FATEK Automation WinProladder is affected (versions 3.30 and prior). The issue arises from a lack of proper validation of user-supplied data when parsing project files, leading to memory corruption that could enable arbitrary code execution in the current process. The CVE is tracked as CVE-2021-3...

7.8 CVSS, 7.8 AI score, 0.00912 EPSS
Exploits: 0, References: 1, Affected Software: 1