5836 matches found
CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
Input validation
Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Parallels Desktop VGA Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Microsoft Windows av1decodermft_store MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of M...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2020-46295)
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.4.8. The vulnerability stems from a lack of proper validation of...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2020-46791)
MantisBT is a web-based open source defect tracking system developed by the MantisBT team. The system provides project management and defect tracking services through a web interface. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.24.2. The vulnerability stems from the...
The vulnerability of the ImageIO component in Oracle Java SE software, related to insufficient validation of input data, allows attackers to cause partial service interruptions.
The vulnerability of the ImageIO component in Oracle Java SE software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause partial service interruptions through network protocols...
Microsoft Outlook EML Rendering Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email. The specific flaw exists within the rendering of emails. The issue result...
Microsoft Windows findBaseLigature TTF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows av1decodermft_store AVIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Google Chrome Security Update (stable-channel-update-for-desktop-2020-07) - Linux
Google Chrome is prone to multiple vulnerabilities.
The vulnerability of the Address Book component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Address Book component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to insufficient validation of entered data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
Carson & SAINT SAINT Security Suite Cross-Site Scripting Vulnerability (CNVD-2020-47571)
Carson & SAINT SAINT Security Suite is a security suite from the U.S. company Carson & SAINT that provides vulnerability management, security configuration assessment, penetration testing and other functions. A cross-site scripting vulnerability exists in the Credential Manager component of Carson & SAINT SAI...
chromium-browser: Insufficient data validation in WebUI
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...
Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...
Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
RHEL 6 : chromium-browser (RHSA-2020:3377)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3377 advisory. Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 84.0.4147.105. Security Fixes:...
CVE-2020-16229
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application t...
CVE-2020-16213
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, ...