CVE-2017-5028

Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2018-16064

Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...

CVE-2018-17460

Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name...

CVE-2018-16064

CVE-2018-16064 concerns Google Chrome’s Extensions API. It states that insufficient data validation in the Extensions API, for Chrome versions prior to 68.0.3440.75, could let an attacker who tricks a user into installing a crafted extension bypass navigation restrictions. Affected: Google Chrome...

CVE-2018-17460

CVE-2018-17460 affects Google Chrome before 68.0.3440.75. The vulnerability arises from insufficient data validation in filesystem URIs, allowing a remote attacker to spoof the Omnibox (URL bar) content via a crafted domain name. Impact is spoofing of the URL bar, with no confidentiality impact b...

CVE-2017-5028

CVE-2017-5028 affects Google Chrome’s V8 engine. The issue is insufficient data validation in V8 prior to Chrome 56.0.2924.76, enabling a remote attacker to leak cross-origin data via a crafted HTML page. Impact per provided metrics: CVSSv2 base 4.3 (Partial confidentiality), CVSSv3 base 6.5 (Con...

CVE-2018-17460

Removed by vendor...

CVE-2018-16064

Removed by vendor...

CVE-2017-5028

Removed by vendor...

WordPress miniOrange SAML SP Single Sign On Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. miniOrange SAML SP Single Sign On plugin is a single sign on plugin used in it. A cross-site scripting vulnerability exists in the SAM...

TYPO3 Cross-Site Scripting Vulnerability (CNVD-2019-19310)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 versions 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7. The vulnerability stems from a lack of proper validation of client-side data by t...

STOPzilla AntiMalware Denial of Service Vulnerability

STOPzilla AntiMalware is a set of antivirus software from the American company STOPzilla that is mainly used for malware detection and killing. A denial of service vulnerability exists in the szkg64.sys driver file in STOPzilla AntiMalware version 6.5.2.59. The vulnerability originates from a...

STOPzilla AntiMalware Arbitrary Write Vulnerability

STOPzilla AntiMalware is a set of antivirus software from the American company STOPzilla that is mainly used for malware detection and killing. A security vulnerability exists in the szkg64.sys driver file in STOPzilla AntiMalware version 6.5.2.59. The vulnerability originates from a networked...

STOPzilla AntiMalware Denial of Service Vulnerability (CNVD-2019-19486)

STOPzilla AntiMalware is a set of antivirus software from the American company STOPzilla that is mainly used for malware detection and killing. A denial of service vulnerability exists in the szkg64.sys driver file in STOPzilla AntiMalware version 6.5.2.59. The vulnerability originates from a...

STOPzilla AntiMalware Input Validation Error Vulnerability

STOPzilla AntiMalware is a set of antivirus software from the American company STOPzilla that is mainly used for malware detection and killing. An input validation error vulnerability exists in STOPzilla AntiMalware version 6.5.2.59. The vulnerability originates from a network system or product...

Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

KLA11736 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Policy enforcement in Extensions component...

WLAN Buffer Overflow Vulnerability in Multiple Qualcomm Products (CNVD-2019-18598)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.MDM9607 is a central processing unit CPU product.MDM9640 is a central processing unit CPU product.WLAN is one of the wireless LAN components. A buffer overflow vulnerability exists i...

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2019-18595)

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

Apache Allura Cross-Site Scripting Vulnerability

Apache Allura is the United States Apache Apache Software Foundation's set of open source project hosting platform. The platform supports the management of source code repositories, bug reports, wiki pages and blogs. A cross-site scripting vulnerability exists in the user drop-down selector in...