5836 matches found
SUSE openSUSE Cross-Site Scripting Vulnerability
openSUSE is a free Linux-based operating system and open source community project from the German company SUSE. A cross-site scripting vulnerability exists in versions of SUSE openSUSE open-build-service prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. The vulnerability stems from a lack o...
TYPO3 Link Handling Component Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the Link Handling component of TYPO3 versions 9.5.12 through 9.5.16 and 10.2.0 through 10.4.1. The vulnerability stems from a lack of proper...
Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Reader DC JPEG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Stack overflow
Advantech WebAccess Node, Version 8.4.4 and prior, and Version 9.0.0: multiple stack-based buffer overflow vulnerabilities exist, caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution...
Katyshop2 Cross-Site Scripting Vulnerability
Katyshop2 is a suite of e-commerce applications based on PHP and MySQL. A cross-site scripting vulnerability exists in Katyshop2 versions prior to 2.12. The vulnerability stems from the web application's lack of proper validation of client-side data. An attacker can exploit this vulnerability to...
Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002722 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002722 in DrawSrv.dll. The issue resul...
BookStack Cross-Site Scripting Vulnerability (CNVD-2020-35507)
BookStack is an open source wiki documentation platform built with PHP and Laravel. A cross-site scripting vulnerability exists in BookStack versions 0.18.0 and later, fixed in version 0.29.2. The vulnerability stems from a lack of proper validation of client-side data by the web...
LeptonCMS Cross-Site Scripting Vulnerability (CNVD-2020-35502)
LeptonCMS is a content management system (CMS) of the Lepton Project. A cross-site scripting vulnerability exists in LeptonCMS versions prior to 4.6.0. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability to...
PHP-Fusion Cross-Site Scripting Vulnerability
PHP-Fusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. A cross-site scripting vulnerability exists in PHP-Fusion version 9.03.50. The vulnerability stems from the lack o...
A vulnerability in the WordPress website content management system, related to insufficient validation of input data, allows attackers to compromise the integrity of the data.
A vulnerability in the WordPress website content management system is related to a JSON GET cache infection error. Exploiting this vulnerability allows an attacker to compromise data integrity...
OPENSUSE-SU-2020:0615-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to 81.0.4044.129 boo1170107: - CVE-2020-0561: Fixed a use after free in storage - CVE-2020-6462: Fixed a use after free in task scheduling - CVE-2020-6459: Fixed a use after free in payments - CVE-2020-6460: Fixed an...
Google Earth Pro Buffer Overflow Vulnerability
Google Earth Pro is a 3D interactive globe from Google USA, which presents a 3D representation of the Earth based primarily on satellite imagery. A buffer overflow vulnerability exists in the khcrypt implementation in Google Earth Pro 7.3.2 and prior versions. The vulnerability stems from a...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2021-28035)
NETGEAR R9000, R7800 and R7500 are wireless routers from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products. The vulnerability stems from the lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0615-1 Rating: important References: 1170107 Cross-References: CVE-2020-0561 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6462 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes 5...
openSUSE Security Update : chromium (openSUSE-2020-604)
This update for chromium fixes the following issues : Chromium was updated to 81.0.4044.129 boo1170107 : - CVE-2020-0561: Fixed a use after free in storage - CVE-2020-6462: Fixed a use after free in task scheduling - CVE-2020-6459: Fixed a use after free in payments - CVE-2020-6460: Fixed an...
OPENSUSE-SU-2020:0604-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to 81.0.4044.129 boo1170107: - CVE-2020-0561: Fixed a use after free in storage - CVE-2020-6462: Fixed a use after free in task scheduling - CVE-2020-6459: Fixed a use after free in payments - CVE-2020-6460: Fixed an...
Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
Adobe Bridge TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF...
SUAP Cross-Site Scripting Vulnerability
SUAP is a unified public management system of the Brazilian IT Management Board (DIGTI). The system supports functions such as personnel management, property control, warehouse management, extended project management and document agreement management. A cross-site scripting vulnerability exists in...