Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17951)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
Information Disclosure
libvpx.so is vulnerable to information disclosure. A lack of proper validation of data length in the function vp8decodeframe of decodeframe.c leads to out-of-bounds reads during the reading of frames, allowing a user with no additional privileges to disclose information if error correction mode ...
Microsoft Windows Media Player AVI Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Apache OFBiz Cross-Site Scripting Vulnerability (CNVD-2020-16521)
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. A cross-site scripting vulnerability exists in Apache OFBiz. The vulnerability stems from the WEB...
CVE-2019-14045
Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130...
Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354)
A template injection vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper validation of data in the title parameter. Successful exploitation could result in command execution on the target machine in the context of the application...
Mozilla Bleach Cross-Site Scripting Vulnerability
Mozilla Bleach is an HTML cleanup library from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Bleach versions prior to 3.11. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...
The vulnerability of Microsoft Hyper-V’s hardware virtualization technology and the Windows operating system allows a perpetrator to trigger a service failure.
The vulnerability of Microsoft Hyper-V hardware virtualization technology and the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Design/Logic Flaw
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between 4.9.0 and 4.32.0 inclusive, and versio...
Oracle Weblogic Server Remote Code Execution (CVE-2019-2888)
An External Entity Injection vulnerability exists in Oracle Weblogic. This vulnerability is due to insufficient validation of XML data. A remote attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation of this vulnerability could result...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2020-14669)
Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A cross-site scripting vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...
IBL Online Weather Cross-Site Scripting Vulnerability
IBL Online Weather is a weather service software from iblsoft. A cross-site scripting vulnerability exists in IBL Online Weather versions prior to 4.3.5a. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerabilit...
Go SSH Denial of Service Vulnerability
Go SSH is an extremely clean SSH tool developed in the Go language for remotely managing Linux, Unix and other machines. Go SSH suffers from a denial of service vulnerability that stems from a networked system or product that does not properly validate incoming data, which can be exploited by ...
DNN cross-site scripting vulnerability (CNVD-2020-13479)
DNN (also known as DotNetNuke) is an open source content management system (CMS) from DNN in the United States, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in DNN 9.4.4 and previous versions. The...
MGASA-2020-0097 Updated ipmitool packages fix security vulnerability
Updated ipmitool packages fix security vulnerability: Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side (CVE-2020-5208)...
WordPress Modula Image Gallery Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. Modula Image Gallery is one of its gallery plugins. A cross-site scripting vulnerability exists in WordPress Modula Image Gallery versions prior to 2.2.5. The vulnerability stems from ...
Western Digital My Cloud Cross-Site Scripting Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A cross-site scripting vulnerability exists in the Western Digital mycloud.com Web version prior to 2.2.0-134. The vulnerability stems from the web application lacking proper validation of client data. An...
CVE-2020-8860
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O8.x, P9.0, Q10.0 devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The...
Cross-Site Scripting (XSS)
reveal.js is vulnerable to cross-site scripting (XSS) attacks. This is possible because it does not restrict data such as code, description and callback from arbitrary origins and allows the SetupPostMessage to invoke methods without validating the data.method against any blacklisting, directly...
SimpleSAMLphp cross-site scripting vulnerability (CNVD-2020-10607)
SimpleSAMLphp is a PHP authentication application that implements the SAML 2.0 Service Provider and Identity Provider features. A cross-site scripting vulnerability exists in SimpleSAMLphp. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attack...