5836 matches found
OTCMS cross-site scripting vulnerability (CNVD-2019-24208)
OTCMS (Nettie CMS) is an article-based web content management system (CMS). A cross-site scripting vulnerability exists in OTCMS version 3.81. The vulnerability stems from the lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execute...
LayerBB cross-site scripting vulnerability (CNVD-2019-24206)
LayerBB is a small forum software package. A cross-site scripting vulnerability exists in LayerBB version 1.1.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
Apple Safari operationPutByValOptimize Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
RANGER Studio Directus Cross-Site Scripting Vulnerability
RANGER Studio Directus is an open source headless CMS and API for managing custom databases, from the United States company RANGER Studio. A cross-site scripting vulnerability exists in the interfaces/markdown/input.vue file in RANGER Studio Directus version 7 prior to Application...
WordPress WebAppick WooCommerce Product Feed Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WebAppick WooCommerce Product Feed is a WordPress plugin used to generate product feed data. A cross-site scripting...
The vulnerability of the goldendict software package for the Astra Linux operating system arises from a validation error in the input data received from web servers. This error allows attackers to trigger a service failure.
The vulnerability of the goldendict software package for the Astra Linux operating system is related to a validation error in the input data received from web servers. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
Huawei PC Manager Authorization Issues Vulnerability
Huawei PC Manager is a computer management application from Huawei (China). An authorization issue vulnerability exists in Huawei PC Manager version 9.1.3.1, which arises from the driver's interface not adequately validating data from userland. An attacker could exploit the vulnerability to...
ZTE OTCP Cross-Site Scripting Vulnerability
ZTE OTCP is a next-generation network management platform from China's ZTE Corporation (ZTE). A cross-site scripting vulnerability exists in ZTE OTCP 1.19.20.02 and earlier versions. The vulnerability stems from the lack of proper validation of client data by the web application. An...
GNU C Library Buffer Overflow Vulnerability (CNVD-2019-23063)
The GNU C Library (glibc, libc6) is an open-source, free C compiler released under the LGPL license. A buffer overflow vulnerability exists in nptl in the GNU C Library. The vulnerability arises from a networked system or product performing operations in memory without properly validating data...
Emoncms Cross-Site Scripting Vulnerability (CNVD-2019-22862)
Emoncms is an open source web application used primarily to process, record and display energy, temperature and other environmental data. A cross-site scripting vulnerability exists in Emoncms version 9.8.8. The vulnerability stems from the web application's lack of proper...
InterSystems Cache Cross-Site Scripting Vulnerability
InterSystems Cache is a database management system from InterSystems, Inc. in the United States. The system is primarily used for the development of software applications in healthcare management, banking and financial services, government and other industries. A cross-site scripting vulnerabilit...
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
Background: AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Excel Filename Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of proper...
Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Bridge CC SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG...
WordPress Rencontre Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Rencontre is a WordPress plugin used to create social networking sites. A cross-site scripting vulnerability exists in WordPress...
MailEnable Enterprise Premium Cross-Site Scripting Vulnerability
MailEnable Enterprise Premium is a suite of POP3 and SMTP mail servers from MailEnable (Australia). A cross-site scripting vulnerability exists in MailEnable Enterprise Premium version 10.23. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
The vulnerability of the fly-weather software package for the Astra Linux operating system, related to a validation error in the input data received from web servers, allows attackers to trigger a service failure.
The vulnerability of the fly-weather software package for the Astra Linux operating system is related to a validation error in the input data received from the web server. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...