Lucene search
5836 matches found

Zero Day Initiative
added 2020/07/07 12:0 a.m. | 32 views

Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.3 | EPSS 0.08977
Exploits: 0 | References: 1

CNVD
added 2020/07/06 12:0 a.m. | 2 views

We-COM Municipality portal CMS cross-site scripting vulnerability

We-COM Municipality portal CMS is a content management system (CMS) from the Italian company We-COM. A cross-site scripting vulnerability exists in We-COM Municipality portal CMS version 2.1.x. The vulnerability stems from a lack of proper validation of client-side data in the web application and c...

CVSS 6.1 | AI score 6.4 | EPSS 0.00856
Exploits: 1 | References: 1

CNVD
added 2020/07/05 12:0 a.m. | 1 views

Cross-site scripting vulnerability in Xunrui CMS version 4.3.8 (2020-06-01)

XunRuiCMS is an open source content management system (CMS) from the Chinese company XunRuiCloud Software Development. A cross-site scripting vulnerability exists in XunRui CMS version 4.3.8 (2020-06-01). The vulnerability stems from the lack of proper validation ...

AI score 6.4
Exploits: 0

CNVD
added 2020/07/03 12:0 a.m. | 3 views

CloudBees Jenkins VncRecorder Plugin Cross-Site Scripting Vulnerability (CNVD-2020-50510)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. VncRecorder Plugin is used in one of the scre...

CVSS 4.8 | AI score 6.4 | EPSS 0.00702
Exploits: 0 | References: 1

CNVD
added 2020/07/03 12:0 a.m. | 8 views

OpenClinic GA Cross-Site Scripting Vulnerability

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management, laboratory management and other functions. A cross-site scripting vulnerability exists in OpenClinic GA versions 5.09.02 and 5.89.05b, which stems from the lack...

CVSS 6.1 | AI score 6.1 | EPSS 0.01216
Exploits: 0 | References: 1

CNVD
added 2020/07/03 12:0 a.m. | 4 views

CloudBees Jenkins VncRecorder Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. VncRecorder Plugin is used in one of the scre...

CVSS 6.1 | AI score 6.4 | EPSS 0.00871
Exploits: 0 | References: 1

OSV
added 2020/07/02 1:15 p.m. | 33 views

CVE-2020-9497

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the...

CVSS 4.4 | AI score 6.4
Exploits: 0 | References: 11

NVD
added 2020/07/02 1:15 p.m. | 18 views

CVE-2020-9497

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the...

CVSS 4.4 | EPSS 0.00795
Exploits: 0 | References: 11

OSV
added 2020/07/02 1:15 p.m. | 2 views

DEBIAN-CVE-2020-9497

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the...

CVSS 4.4 | AI score 6.3 | EPSS 0.00795
Exploits: 0 | References: 1

UbuntuCve
added 2020/07/02 1:15 p.m. | 29 views

CVE-2020-9497

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the...

CVSS 4.4 | AI score 6.9 | EPSS 0.00795
Exploits: 0 | References: 3

Cvelist
added 2020/07/02 12:30 p.m. | 28 views

CVE-2020-9497

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the...

AI score 5.2 | EPSS 0.00795
Exploits: 0 | References: 11

CVE
added 2020/07/02 12:30 p.m. | 141 views

CVE-2020-9497

Apache Guacamole up to version 1.1.0 is affected by CVE-2020-9497 due to improper validation of data from RDP servers via static virtual channels, potentially allowing disclosure of memory in the guacd process when connecting to a malicious or compromised RDP server. Connected sources also refere...

CVSS 4.4 | AI score 5.2 | EPSS 0.00795
Exploits: 0 | References: 11 | Affected Software: 1

NVD
added 2020/07/01 4:15 p.m. | 10 views

CVE-2020-12497

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVSS 7.8 | EPSS 0.15675
Exploits: 0 | References: 3

NVD
added 2020/07/01 4:15 p.m. | 12 views

CVE-2020-12498

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVSS 7.8 | EPSS 0.02106
Exploits: 0 | References: 2

Prion
added 2020/07/01 4:15 p.m. | 11 views

Input validation

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVSS 6.8 | AI score 7.9 | EPSS 0.02106
Exploits: 0 | References: 2 | Affected Software: 2

Prion
added 2020/07/01 4:15 p.m. | 18 views

Stack overflow

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVSS 6.8 | AI score 7.9 | EPSS 0.15675
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2020/07/01 3:52 p.m. | 16 views

CVE-2020-12497 Phoenix Contact Automation Worx <= 1.87: stack-based overflow

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVSS 7.8 | AI score 7.9 | EPSS 0.15675
Exploits: 0 | References: 3

CVE
added 2020/07/01 3:52 p.m. | 55 views

CVE-2020-12498

Phoenix Contact PC Worx and PC Worx Express (v1.87 and earlier) are affected by CVE-2020-12498 due to insufficient input validation in MWE file parsing, causing an out-of-bounds read that can lead to remote code execution. Affected component: PC Worx/PC Worx Express parsing of MWE project files; ...

CVSS 7.8 | AI score 8 | EPSS 0.02106
Exploits: 0 | References: 2 | Affected Software: 2

Zero Day Initiative
added 2020/07/01 12:0 a.m. | 28 views

Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.3 | EPSS 0.08977
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/07/01 12:0 a.m. | 26 views

(0Day) Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

CVSS 3.3 | AI score 3.4
Exploits: 0