5836 matches found
Adive Framework Cross-Site Scripting Vulnerability
Adive Framework is a PHP-based MySQL database management framework. A cross-site scripting vulnerability exists in Adive Framework. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-si...
Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
Foxit PhantomPDF HTML2PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of...
Lustre ptlrpc module buffer overflow vulnerability (CNVD-2020-07306)
Lustre is a parallel distributed file system typically used in large computer clusters and supercomputers, of which Lustre ptlrpc is a module. A buffer overflow vulnerability exists in the Lustre ptlrpc module. The vulnerability stems from a networked system or product performing operations in...
Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
The vulnerability in the smtp_mailaddr function (smtp_session.c) of the OpenSMTPD mail daemon on the OpenBSD operating system allows a hacker to elevate their privileges and execute arbitrary commands with root privileges.
The vulnerability in the smtp_mailaddr function (smtp_session.c) of the OpenSMTPD mail daemon on the OpenBSD operating system is related to the lack of data validation during return operations. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands with root...
Foxit PhantomPDF JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of...
CVE-2020-6416
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
WordPress Strong Testimonials Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Strong Testimonials versions prior to 2.40.1. The...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2020-04346)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2020-04347)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...
python-markdown2 cross-site scripting vulnerability
python-markdown is a library for Python. A cross-site scripting vulnerability exists in python-markdown2 versions prior to 1.0.1.14. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-si...
MassCode Cross-Site Scripting Vulnerability
massCode is an open source code segment manager. A cross-site scripting vulnerability exists in massCode version 1.0.0-alpha.6, which stems from the lack of proper validation of client-side data in a web application and can be exploited by an attacker to execute client-side code...
Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...
MGASA-2020-0070 Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...
The vulnerability of the BGP protocol implementation in Cisco IOS XR allows an attacker to cause a service failure.
The vulnerability of the BGP protocol implementation in Cisco IOS XR exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the ThinPro Linux operating system’s VPN implementation allows a hacker to execute arbitrary commands in the superuser mode.
The vulnerability of the ThinPro Linux operating system’s VPN implementation exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands in superuser mode...