
5838 matches found

OSV
added 2021/04/30 7:22 p.m. | 11 views

OPENSUSE-SU-2021:0629-1 Security update for Chromium

This update for chromium fixes the following issues: - Chromium was updated to 90.0.4430.93 boo1184764,boo1185047,boo1185398 CVE-2021-21227: Insufficient data validation in V8. CVE-2021-21232: Use after free in Dev Tools. CVE-2021-21233: Heap buffer overflow in ANGLE. CVE-2021-21228: Insufficient...

CVSS 9.6 | AI score 7.9 | EPSS 0.57736
Exploits: 1 | References: 29

Prion
added 2021/04/30 6:15 p.m. | 9 views

Design/Logic Flaw

cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs...

CVSS 5 | AI score 7.5 | EPSS 0.01979
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2021/04/30 5:20 p.m. | 251 views

CVE-2021-29486

The CVE concerns the npm library cumulative-distribution-function. A flaw in versions prior to 2.0.0 can cause an infinite-cpu-loop denial of service when the library processes invalid data (notably arrays of strings instead of numbers), impacting node.js servers and browser apps that do not vali...

CVSS 7.5 | AI score 7.5 | EPSS 0.01979
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2021/04/30 5:20 p.m. | 25 views

CVE-2021-29486 Improper Input Validation and Loop with Unreachable Exit Condition ('Infinite Loop') in cumulative-distribution-function

cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs...

CVSS 7.5 | AI score 7.7 | EPSS 0.01979
Exploits: 1 | References: 4

CNVD
added 2021/04/30 12:00 a.m. | 7 views

Parallels Desktop IDE Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2021-34192)

Parallels Desktop is a virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in the IDE virtual appliance in Parallels Desktop version 15.1.5-47309. The vulnerability stems from a lack of proper validation of user-supplied data. A local attacker could...

CVSS 6 | AI score 5.8 | EPSS 0.00448
Exploits: 0 | References: 1

UbuntuCve
added 2021/04/30 12:00 a.m. | 40 views

CVE-2021-21227

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.3 | EPSS 0.01189
Exploits: 0 | References: 1

UbuntuCve
added 2021/04/30 12:00 a.m. | 31 views

CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.3 | EPSS 0.01144
Exploits: 0 | References: 1

OpenVAS
added 2021/04/30 12:00 a.m. | 33 views

Debian: Security Advisory (DSA-4906-1)

The remote host is missing an update for the Debian...

CVSS 9.6 | AI score 8 | EPSS 0.57736
Exploits: 2 | References: 6

NVD
added 2021/04/29 5:15 p.m. | 19 views

CVE-2021-31433

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | EPSS 0.02761
Exploits: 0 | References: 2

Prion
added 2021/04/29 5:15 p.m. | 18 views

Stack overflow

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 4.6 | AI score 8.7 | EPSS 0.00436
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/04/29 5:15 p.m. | 18 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 7.8 | EPSS 0.02761
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/04/29 5:15 p.m. | 14 views

Heap overflow

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 7.8 | EPSS 0.02761
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/04/29 4:31 p.m. | 22 views

CVE-2021-31437

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 8 | EPSS 0.02761
Exploits: 0 | References: 2

Veracode
added 2021/04/29 1:28 p.m. | 15 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to an insufficient data validation security issue found in the iOSWeb component of the Chromium browser...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2021/04/29 1:27 p.m. | 36 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to insufficient data validation that allows a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 2.4 | EPSS 0.00814
Exploits: 0 | References: 9 | Affected Software: 1

Microsoft CVE
added 2021/04/29 7:00 a.m. | 61 views

Chromium: CVE-2021-21227 Insufficient data validation in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 8.5 | EPSS 0.01189
Exploits: 0

Microsoft CVE
added 2021/04/29 7:00 a.m. | 80 views

Chromium: CVE-2021-21231 Insufficient data validation in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 8.5 | EPSS 0.01144
Exploits: 0

CNNVD
added 2021/04/29 12:00 a.m. | 3 views

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. A cross-site scripting vulnerability exists in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, and 6.7.14-HF1, which stems from a lack of proper...

CVSS 5.4 | AI score 5.2 | EPSS 0.00468
Exploits: 0 | References: 2

CNNVD
added 2021/04/29 12:00 a.m. | 3 views

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A cross-site scripting vulnerability exists in Aruba ClearPass Policy Manager, which stems from the lack of proper validation of client data by the WEB...

CVSS 4.8 | AI score 5.3 | EPSS 0.00464
Exploits: 0 | References: 2

Kaspersky
added 2021/04/29 12:00 a.m. | 49 views

KLA12161 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. A data validation vulnerability in V8 can be exploited to...

CVSS 8.8 | AI score 8.8 | EPSS 0.01601
Exploits: 0 | References: 9