
721 matches found

UbuntuCve
added 2020/12/31 12:0 a.m. | 24 views

CVE-2020-35523

An integer overflow flaw was found in libtiff that exists in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 7.8 | AI score 6.9 | EPSS 0.00251
Exploits: 0 | References: 4

NVD
added 2020/12/11 8:15 p.m. | 7 views

CVE-2020-29455

A cross-site scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter, e.g., street or country...

CVSS 6.1 | AI score 6 | EPSS 0.00472
Exploits: 1 | References: 3

OSV
added 2020/11/19 8:26 a.m. | 4 views

SUSE-SU-2020:3369-1 Security update for go1.14

This update for go1.14 fixes the following issues: - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 go42560 cmd/go: arbitrary code can be injected into cgo...

CVSS 7.5 | AI score 8.1 | EPSS 0.00711
Exploits: 0 | References: 8

Check Point Advisories
added 2020/10/01 12:0 a.m. | 3 views

Mozilla Firefox Remote Code Execution (CVE-2008-1236)

A memory corruption vulnerability exists in Mozilla Firefox. A remote attacker can exploit this vulnerability by persuading the target user to open a malicious webpage. Successful attacks could allow for arbitrary code injection and execution with the privileges of the currently logged on user...

CVSS 6.8 | AI score 6.7 | EPSS 0.31817
Exploits: 1

Veracode
added 2020/09/21 6:31 a.m. | 20 views

Arbitrary Code Injection

firefox is vulnerable to arbitrary code injection. When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy...

CVSS 5.3 | AI score 3.5 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 4

IBM Security Bulletins
added 2020/09/10 5:3 p.m. | 39 views

Security Bulletin: Security Vulnerability in IBM Java SDK for Quarterly CPU - April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511)

Summary: Security vulnerability in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software. The CVE CVE-2017-3511 were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability...

CVSS 7.7 | AI score 0.9 | EPSS 0.01487
Exploits: 2 | Affected Software: 3

Microsoft CVE
added 2020/07/14 7:0 a.m. | 60 views

Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with...

CVSS 9.3 | AI score 3.2 | EPSS 0.09872
Exploits: 0

Tenable Nessus
added 2020/07/14 12:0 a.m. | 82 views

Security Update for Microsoft Visual Studio Code (CVE-2020-1416)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.47.1. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local...

CVSS 9.3 | AI score 8.7 | EPSS 0.09872
Exploits: 0 | References: 3

RedHat Linux
added 2020/07/07 7:35 p.m. | 117 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana security update

An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.2 | AI score 7 | EPSS 0.9295
Exploits: 8 | References: 8

WPVulnDB
added 2020/07/03 12:0 a.m. | 16 views

Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

Multiple cross-site scripting vulnerabilities in Testimonials Widget 3.5.1 and lower allow remote attackers to inject arbitrary Javascript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL Successful exploitation of this vulnerability would allow...

AI score 0.6 | EPSS 0.00121
Exploits: 2 | Affected Software: 1

Veracode
added 2020/06/19 3:0 a.m. | 24 views

Arbitrary Code Injection

thenify is vulnerable to arbitrary code execution. Untrusted user input is passed to the eval function which would allow an attacker to inject and execute arbitrary code on the system...

CVSS 9.8 | AI score 5.1 | EPSS 0.01475
Exploits: 1 | References: 9 | Affected Software: 2

OSV
added 2020/05/28 9:15 p.m. | 2 views

DEBIAN-CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

CVSS 6.1 | AI score 6.6 | EPSS 0.00452
Exploits: 0 | References: 1

Debian CVE
added 2020/05/28 9:10 p.m. | 26 views

CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

CVSS 6.4 | AI score 6.4 | EPSS 0.00452
Exploits: 0

Snyk
added 2020/05/19 9:0 p.m. | 2 views

Arbitrary Code Injection

Overview serialize-javascript is a package to serialize JavaScript to a superset of JSON that includes regular expressions and functions. Affected versions of this package are vulnerable to Arbitrary Code Injection. An object like "foo": /1"/, "bar": "a"@R--0@" would be serialized as "foo": /1"/,...

CVSS 8.1 | AI score 7.2 | EPSS 0.02901
Exploits: 0 | References: 3

Cvelist
added 2020/05/19 1:15 p.m. | 12 views

CVE-2020-4298

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

CVSS 5.4 | AI score 5.2 | EPSS 0.00179
Exploits: 0 | References: 2

CNVD
added 2020/05/08 12:0 a.m. | 2 views

Mitel Networks ShoreTel Conference Cross-Site Scripting Vulnerability

Mitel Networks ShoreTel Conference is a suite of teleconferencing solutions from Mitel Networks Canada. A cross-site scripting vulnerability exists in the home.php file in Mitel Networks ShoreTel Conference version 19.50.1000.0. A remote attacker can exploit this vulnerability to inject arbitrary...

CVSS 6.1 | AI score 6.2 | EPSS 0.00222
Exploits: 0 | References: 1

Veracode
added 2020/04/10 12:17 a.m. | 25 views

Arbitrary Code Injection

thunderbird is vulnerable to arbitrary code injection. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running...

CVSS 4.3 | AI score 0.8 | EPSS 0.2528
Exploits: 1 | References: 56 | Affected Software: 3

ATTACKERKB
added 2020/01/24 12:0 a.m. | 27 views

CVE-2019-1414

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’. Recent assessments: goodlandsecurity at May 20, 2020 2:28am UTC reported: Vulnerability: An elevation ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00526
Exploits: 1 | References: 2

Veracode
added 2020/01/13 12:54 a.m. | 18 views

Arbitrary Code Injection

hot-formula-parser is vulnerable to arbitrary code injection. The vulnerability exists due to the lack of sanitization of the value of yytext, which is used in the exec command...

CVSS 9.8 | AI score 3.4 | EPSS 0.00547
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2020/01/11 1:15 a.m. | 17 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 3