
5836 matches found

Zero Day Initiative
added 2020/04/16 12:0 a.m. | 26 views

Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...

CVSS 7.8 | AI score 3.8 | EPSS 0.04689
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/04/16 12:0 a.m. | 19 views

(Pwn2Own) Amazon Echo Show Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon Echo Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 8.8 | AI score 3.5
Exploits: 0

CNVD
added 2020/04/16 12:0 a.m. | 4 views

Red Hat Ceph Object Gateway Cross-Site Scripting Vulnerability

Red Hat Ceph is a petabyte-level distributed file system for Linux from Red Hat. The main goal of the system is to be a distributed file system based on POSIX (Portable Operating System Interface) without a single point of failure, so that data can be fault-tolerant and seamless replication...

CVSS 6.1 | AI score 7.6 | EPSS 0.01525
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 2 views

Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-27216)

The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...

CVSS 6 | AI score 6.5 | EPSS 0.00557
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 3 views

Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-27214)

The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR RBR50 version prior to 2.3.5.30, RBS50 version prior to 2.3.5.30, and RBK50 version prior to 2.3.5.30, which stems from the lack of proper validation of client-side data ...

CVSS 6 | AI score 6.3 | EPSS 0.00299
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 2 views

Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-26944)

NETGEAR D7800 and others are products of NETGEAR, Inc. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router...

CVSS 6 | AI score 6.4 | EPSS 0.00439
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 2 views

NETGEAR RAX40 Cross-Site Scripting Vulnerability (CNVD-2020-24162)

The NETGEAR RAX40 is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR RAX40 prior to version 1.0.3.62, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...

CVSS 4.8 | AI score 6.4 | EPSS 0.00485
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 3 views

NETGEAR RBR50, RBS50 and RBK50 Cross-Site Scripting Vulnerabilities

The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR RBR50 version prior to 2.3.5.30, RBS50 version prior to 2.3.5.30, and RBK50 version prior to 2.3.5.30, which stems from the lack of proper validation of client-side data ...

CVSS 6 | AI score 6.3 | EPSS 0.00439
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/04/16 12:0 a.m. | 38 views

Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...

CVSS 7.8 | AI score 4.1 | EPSS 0.04787
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 0 views

Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-24416)

The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...

CVSS 6 | AI score 6.5 | EPSS 0.00439
Exploits: 0 | References: 1

CNVD
added 2020/04/16 12:0 a.m. | 1 view

Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-24411)

The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...

CVSS 6 | AI score 6.5 | EPSS 0.00482
Exploits: 0 | References: 1

BDU FSTEC
added 2020/04/16 12:0 a.m. | 2 views

The vulnerability of the Ceph storage system arises from insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of the Ceph storage system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

CVSS 6.8 | AI score 6.7 | EPSS 0.02136
Exploits: 0 | References: 9 | Affected Software: 9

CVE
added 2020/04/15 6:30 p.m. | 51 views

CVE-2020-10613

Triangle MicroWorks SCADA Data Gateway is affected by CVE-2020-10613 (and related CVEs) in versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122 due to an out-of-bounds read from improper validation of user-supplied data in DNP3 Data Sets. The vulnerability allows remote attackers to disclose sensitiv...

CVSS 7.5 | AI score 7.3 | EPSS 0.02493
Exploits: 0 | References: 2 | Affected Software: 1

Zero Day Initiative
added 2020/04/15 12:0 a.m. | 30 views

Intel Wi-Fi Link Driver Netwtw04 Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Intel Wi-Fi Link Driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.11 frames. The issue results from the lack of...

CVSS 8.8 | AI score 1.7 | EPSS 0.00606
Exploits: 0 | References: 1

CNVD
added 2020/04/15 12:0 a.m. | 3 views

SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver AS ABAP Business Server is an application server for ABAP (Advanced Business Application Programming) from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME. The vulnerability stems from a lack of proper...

CVSS 6.1 | AI score 6.3 | EPSS 0.00654
Exploits: 0

Zero Day Initiative
added 2020/04/15 12:0 a.m. | 30 views

Microsoft Windows JET Database Engine Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...

CVSS 7.8 | AI score 3.3 | EPSS 0.11685
Exploits: 0 | References: 1

CNVD
added 2020/04/15 12:0 a.m. | 3 views

Torchbox Wagtail Cross-Site Scripting Vulnerability

Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A cross-site scripting vulnerability exists in Torchbox Wagtail version 2.8.1 and versions prior to 2.7.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...

CVSS 6.8 | AI score 6.3 | EPSS 0.01273
Exploits: 1 | References: 1

CNVD
added 2020/04/14 12:0 a.m. | 4 views

WordPress Media Library Assistant Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Media Library Assistant is a media library assistant plugin used in it. A cross-site scripting vulnerability exists in WordPress Media...

CVSS 6.1 | AI score 6.3 | EPSS 0.01154
Exploits: 3

BDU FSTEC
added 2020/04/14 12:0 a.m. | 3 views

The vulnerability of Xen hypervisors arises from insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of Xen hypervisors exists due to insufficient checking of input data. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 6.5 | AI score 6.7 | EPSS 0.0035
Exploits: 0 | References: 7 | Affected Software: 10

BDU FSTEC
added 2020/04/14 12:0 a.m. | 3 views

The vulnerability of Google Chrome, related to insufficient validation of input data, allows a perpetrator to compromise data integrity.

The vulnerability of Google Chrome relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially crafted HTML page...

CVSS 7.1 | AI score 6.8 | EPSS 0.01915
Exploits: 1 | References: 14 | Affected Software: 6