Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2021-1234)
The remote host is missing an update for the Huawei EulerOS...
RUSTSEC-2021-0019 Multiple soundness issues
Calls std::str::from_utf8_unchecked without any checks. The function xcb::xproto::GetAtomNameReply::name calls std::str::from_utf8_unchecked on the raw bytes that were received from the X11 server without any validity checks. The X11 server only prevents interior null bytes, but otherwise allows any X...
RainbowFish PacsOne Server Cross-Site Scripting Vulnerability
RainbowFish PacsOne Server is an image archiving and communication system server from RainbowFish, which is used to save incoming images. A cross-site scripting vulnerability exists in versions of RainbowFish PacsOne Server prior to 7.1.1, which stems from the lack of proper validatio...
KLA12178 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebRTC can be...
Fedora 32 : chromium (2021-b7cc24375b)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-b7cc24375b advisory. - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCT...
Fuji Electric V-Server Lite VPR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
OPENSUSE-SU-2021:0173-1 Security update for chromium
This update for chromium fixes the following issues: chromium was updated to 88.0.4324.96 (boo#1181137) - CVE-2021-21117: Insufficient policy enforcement in Cryptohome - CVE-2021-21118: Insufficient data validation in V8 - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in...
openSUSE Security Update : chromium (openSUSE-2021-166)
This update for chromium fixes the following issues: Chromium was updated to 88.0.4324.96 (boo#1181137) - CVE-2021-21117: Insufficient policy enforcement in Cryptohome - CVE-2021-21118: Insufficient data validation in V8 - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0177-1 Rating: important References: 1181137 Cross-References: CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124...
Revive Adserver Cross-Site Scripting Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver versions prior to 5.1.0, which stems from a lac...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to trigger a service failure.
The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component in Oracle VM VirtualBox exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the HEVC Video Extension codec, which arises due to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the HEVC Video Extension codec exists due to insufficient checks on input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Apache Servicecomb Java Chassis Code Issue Vulnerability
Apache Servicecomb Java Chassis is a Java-based code base from the Apache Foundation that provides a complete solution for building microservices. A security vulnerability exists in Apache ServiceComb-Java-Chassis versions 2.0.0 through 2.1.3, which stems from a...
FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)
Chrome Releases reports: This release contains 36 security fixes, including: - 1137179 Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 - 1161357 High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander...
Improper Data Validation
chromium improperly validates data. The issue exists in the File System component of the Chromium browser...