Adobe Photoshop MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
Zabbix SIA Zabbix Cross-Site Scripting Vulnerability
Zabbix SIA Zabbix is an open source monitoring system from the Latvian company Zabbix SIA. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A cross-site scripting vulnerability exists in Zabbix. The vulnerability stems from a lack ...
Security Advisory - fastjson Injection Vulnerability in Huawei Products
fastjson has a vulnerability similar to CVE-2020-8840 that could deserialize data without proper validation, allowing a malicious client to perform remote code execution on a service with the required characteristics. Vulnerability ID: HWPSIRT-2020-02150. Huawei has released software update...
Torchbox Wagtail Cross-Site Scripting Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A cross-site scripting vulnerability exists in Torchbox Wagtail versions prior to 2.7.4 and prior to 2.9.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
openSUSE Security Update : chromium (openSUSE-2020-1020)
This update for chromium fixes the following issues: - Update to 84.0.4147.89 boo1174189: - Critical CVE-2020-6510: Heap buffer overflow in background fetch. - High CVE-2020-6511: Side-channel information leakage in content security policy. - High CVE-2020-6512: Type Confusion in V8. - High...
The vulnerability of the Cisco Webex Meetings Server and Cisco Webex Meetings software lies in the lack of proper validation of input data, allowing attackers to alter the content of web pages.
The vulnerability of Cisco Webex Meetings Server and Cisco Webex Meetings software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to alter the content of web pages from a remote location...
CloudBees Jenkins Matrix Project Plugin Cross-Site Scripting Vulnerability (CNVD-2020-43166)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Matrix Project Plugin is used in one of the...
Oracle VirtualBox BusLogicSCSI Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
(0Day) Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the aspectjweaver library. The issue results from the lack of proper validation of...
openSUSE Security Update : chromium (openSUSE-2020-823)
This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.97 boo1171910,bsc1172496: - CVE-2020-6463: Use after free in ANGLE boo1170107 boo1171975. - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh@pwnexpoit of STEALIEN on 2020-04-21 -...
CloudBees Jenkins Deployer Framework Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. A cross-site scripting...
IBM Team Concert Cross-Site Scripting Vulnerability
IBM Team Concert (RTC) is a scalable team collaboration platform from IBM in the United States. The platform includes features such as task tracking, source code control, automated builds, change management, and agile planning and continuous builds. A cross-site scripting vulnerability exist...
The vulnerability of the SAP NetWeaver software integration platform, related to the lack of measures for cleaning input data, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the SAP NetWeaver software integration platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Description of the security update for Office Online Server: July 14, 2020
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following...
TYPO3 ke_search extension cross-site scripting vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. The ke_search extension is one of its search engine extensions. A cross-site scripting vulnerability exists in the TYPO3 ke_search extension. The vulnerability stems from the web application lacking...
SolarWinds Serv-U File Server Cross-Site Scripting Vulnerability (CNVD-2020-51523)
SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A cross-site scripting vulnerability exists in SolarWinds Serv-U File Server versions prior to 15.2.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can...
Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...