5836 matches found

Zero Day Initiative
added 2020/06/18 12:0 a.m. | 31 views

Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing ...

CVSS 7.8 | AI score 4.4 | EPSS 0.02138
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/06/18 12:0 a.m. | 21 views

Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

CVSS 7.8 | AI score 4.2 | EPSS 0.03651
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/06/18 12:0 a.m. | 21 views

Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing ...

CVSS 7.8 | AI score 4.4 | EPSS 0.02163
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/06/18 12:0 a.m. | 22 views

Adobe Premiere Rush MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

CVSS 7.8 | AI score 4.4 | EPSS 0.0499
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/06/18 12:0 a.m. | 28 views

Adobe Premiere Rush MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

CVSS 7.8 | AI score 4.4 | EPSS 0.04107
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/06/18 12:0 a.m. | 24 views

Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

CVSS 7.8 | AI score 4.2 | EPSS 0.03348
Exploits: 0 | References: 1

CNVD
added 2020/06/17 12:0 a.m. | 5 views

MONITORAPP AIWAF-VE and AIWAF-4000 Cross-Site Scripting Vulnerabilities

MONITORAPP AIWAF-4000 is an application firewall from MONITORAPP, USA. A cross-site scripting vulnerability exists in MONITORAPP AIWAF-VE and AIWAF-4000 2020-06-16 and earlier versions. The vulnerability stems from a lack of proper validation of client data by the web application. An...

CVSS 6.1 | AI score 6.2 | EPSS 0.00996
Exploits: 0 | References: 1

Tenable Nessus
added 2020/06/17 12:0 a.m. | 43 views

RHEL 6 : chromium-browser (RHSA-2020:2544)

The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 83.0.4103.97. Security Fixes:...

CVSS 9.6 | AI score 7.2 | EPSS 0.06414
Exploits: 13 | References: 62

CNVD
added 2020/06/16 12:0 a.m. | 4 views

Open-Xchange OX Guard Cross-Site Scripting Vulnerability (CNVD-2020-53118)

Open-Xchange OX Guard is encryption software from Open-Xchange, USA. The software is mainly used for encryption/decryption of emails and documents. A cross-site scripting vulnerability exists in Open-Xchange OX Guard 2.10.3 and earlier versions. The vulnerability stems from a lack of proper...

CVSS 6.1 | AI score 6.4 | EPSS 0.0118
Exploits: 2 | References: 1

CNVD
added 2020/06/16 12:0 a.m. | 11 views

WordPress wpForo Forum plugin cross-site scripting vulnerability (CNVD-2021-24375)

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The wpForo Forum plugin is a forum plugin for it. A cross-site scripting vulnerability exists in WordPress wpForo Forum...

CVSS 4.8 | AI score 6.2 | EPSS 0.00709
Exploits: 2 | References: 1

RedHat Linux
added 2020/06/15 12:55 p.m. | 2 views

chromium-browser: Insufficient data validation in media router

Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...

CVSS 6.5 | AI score 7.4 | EPSS 0.01678
Exploits: 1 | References: 5

RedHat Linux
added 2020/06/15 12:55 p.m. | 2 views

chromium-browser: Incorrect security UI in site information

Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name...

CVSS 6.5 | AI score 7.3 | EPSS 0.01464
Exploits: 0 | References: 5

RedHat Linux
added 2020/06/15 12:55 p.m. | 2 views

chromium-browser: Insufficient data validation in loader

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

CVSS 4.3 | AI score 7.4 | EPSS 0.01461
Exploits: 0 | References: 5

CNVD
added 2020/06/11 12:0 a.m. | 7 views

Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2021-31228)

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, a U.S. company. A cross-site scripting vulnerability exists in the scp/categories.php file in Enhancesoft osTicket version 1.14.2. The vulnerability stems from the lack of proper validation of client data in the web application, which can...

CVSS 5.4 | AI score 6.2 | EPSS 0.0051
Exploits: 1 | References: 1

Tenable Nessus
added 2020/06/10 12:0 a.m. | 55 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4388-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4388-1 advisory. It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A...

CVSS 7.5 | AI score 7.4 | EPSS 0.01229
Exploits: 2 | References: 7

NVD
added 2020/06/09 6:15 p.m. | 10 views

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information...

CVSS 7.5 | EPSS 0.20208
Exploits: 4 | References: 2

Cvelist
added 2020/06/09 5:50 p.m. | 24 views

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information...

AI score 7.4 | EPSS 0.20208
Exploits: 4 | References: 2

CVE
added 2020/06/09 5:50 p.m. | 107 views

CVE-2020-10644

CVE-2020-10644 affects Inductive Automation Ignition Gateway; root cause is improper validation that allows deserialization of untrusted data. Affected: Ignition 8.x (prior to 8.0.10) and Ignition 7.x (prior to 7.9.14). Impact documented as sensitive information disclosure. Public references note...

CVSS 7.5 | AI score 7.4 | EPSS 0.20208
Exploits: 4 | References: 2 | Affected Software: 1

ATTACKERKB
added 2020/06/09 12:0 a.m. | 20 views

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information. Recent assessments:...

CVSS 7.5 | AI score 8.6 | EPSS 0.20208
Exploits: 4 | References: 3

Zero Day Initiative
added 2020/06/09 12:0 a.m. | 24 views

Microsoft Windows Media Player DTS Stream Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 4.3 | AI score 3.8 | EPSS 0.05873
Exploits: 0 | References: 1