Unspecified Vulnerability in Google Chrome (CNVD-2021-27274)

Google Chrome is a web browser from Google, an American company. Google chrome has a security vulnerability that stems from insufficient data validation in V8. A remote attacker can exploit the vulnerability to conduct a potential attack by leveraging heap corruption via a crafted HTML page...

Trend Micro IMSVA External Entity Injection (CVE-2020-27017)

An XXE vulnerability exists in Trend Micro InterScan Messaging Virtual Appliance. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction...

cacti -- SQL Injection was possible due to incorrect validation order

Cati team reports: Due to a lack of validation, datadebug.php can be the source of a SQL injection...

Grupo Crk Banking Business Platform Cross-Site Scripting Vulnerability

Grupo Crk Banking Business Platform is a business management software from Grupo Crk, Portugal. A cross-site scripting vulnerability exists in CRK Business Platform version 2019.1 and prior versions, which stems from the application lacking proper validation of client-side data CRK, IDContratante...

WHO COVID-19 Mobile App: Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users

Summary: Note: I noticed that that the team has fixed issues like an XSS that's caused only from a header value typically OOS since it's not directly exploitable https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On th...

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient data validation in webUI that allows a local attacker to bypass content security policy via a crafted HTML page...

Privilege Escalation

chromium is vulnerable to privilege escalation. Insufficient data validation in navigation allows a remote attacker who has compromised the renderer process to bypass navigation restrictions via a malicious HTML page...

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists through insufficient data validation in dialogs that allows a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient data validation in media that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Insufficient Data Validation

Insufficient data validation in Omnibox in Google Chrome allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...

Cross-Site Scripting (XSS)

chromium is vulnerable to cross-site scripting. Insufficient data validation in WebUI allows a remote attacker, who has compromised the renderer process, to inject scripts or HTML into a privileged page via a malicious HTML page...

Authorization Bypass

chromium is vulnerable to authorization bypass. Insufficient data validation in Blink allows an attacker to bypass authorization...

Authorization Bypass

chromium is vulnerable to authorization bypass. The vulnerability exists through insufficient data validation in WASM...

Privilege Escalation

chromium is vulnerable to Privilege Escalation. Insufficient data validation in installer allows a local attacker to elevate privilege via a malicious filesystem...

CVE-2020-15293

Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions...

CVE-2020-15292 Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor IntPeGetDirectory, TOCTOU IntPeParseUnwindData or insufficie...

CVE-2020-15292

CVE-2020-15292 affects Bitdefender HVI (VA-9333). The vulnerability stems from lack of validation when reading data from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree. Consequences described in sources include out-of-bou...

(0Day) Eaton EASYsoft E70 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of E70...

The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Cisco Identity Services Engine’s web interface is related to errors during the validation of data entered through the web interface. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-2534)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Squid before 4.9, when certain web browsers are used, mishandles HTML in the host aka hostname parameter to cachemgr.cgi.CVE-2019-18860 - An issue...