Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2020-03708)
Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS version 1.13.x before 1.13.5 and version 1.14.x before 1.14.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker...
CVE-2019-10614
Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
CVE-2019-10614
CVE-2019-10614 affects Qualcomm Snapdragon firmware across many devices (Auto/Compute/Connectivity, etc.). Root cause: no validation of data length against received packet size in malicious firmware, leading to out-of-bounds access. Impact stated as high-risk, with network attack vector and parti...
SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability (CNVD-2019-46256)
SolarWinds Serv-U FTP Server is FTP and MFT file transfer software from the U.S. company SolarWinds. A cross-site scripting vulnerability exists in SolarWinds Serv-U FTP Server version 15.1.7. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker coul...
openSUSE Security Update : chromium (openSUSE-2019-2692)
This update for chromium fixes the following issues: Chromium was updated to 79.0.3945.79 boo1158982 - CVE-2019-13725: Fixed a use after free in Bluetooth - CVE-2019-13726: Fixed a heap buffer overflow in password manager - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets -...
MediaWiki VisualEditor Cross-Site Scripting Vulnerability
MediaWiki is a free, web-based wiki engine from the Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. VisualEditor is a rich text editor extension used in it. A cross-site...
Lenovo Power Management Driver Denial of Service Vulnerability
Lenovo Power Management is a system designed by Lenovo specifically for notebook computers to manage notebook power. It provides control of the performance and power consumption of various components of the laptop through a combination of software and hardware. A denial of service vulnerability...
The vulnerability of the Intel Graphics Driver’s API driver component allows a hacker to trigger a service failure.
The vulnerability of the Intel Graphics Driver’s API driver component exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
Advantech DiagAnywhere FOLDER_CREATE Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech DiagAnywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FOLDER_CREATE messages. The issue results from the lack of proper...
(0Day) WECON PLC Editor WCP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wecon PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of W...
WordPress CleanTalk cleantalk-spam-protect cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. CleanTalk cleantalk-spam-protect is a spam-protection plugin used in it. A cross-site scripting vulnerability exists in WordPress...
CVE-2019-13750
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...
Microsoft Windows Media Player Color Transform Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Envoy Buffer Overflow Vulnerability
Envoy is an open source distributed proxy server. A buffer overflow vulnerability exists in Envoy version 1.12.0. The vulnerability stems from a networked system or product that performs operations in memory without properly validating data boundaries, resulting in incorrect read and write...
Input validation
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...
CVE-2019-13750
CVE-2019-13750 affects Google Chrome (Chromium), where insufficient data validation in the SQLite component used by Chrome enabled a remote attacker to bypass defense-in-depth via a crafted HTML page. Affected product: Chrome/Chromium with the SQLite library integrated; root cause: data val...