821 matches found
Input validation
The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
CVE-2023-5654
The CVE-2023-5654 issue affects the React Developer Tools extension and is caused by a content-script listener registered with window.addEventListener('message', …) that fetches a URL derived from a received message without validating/sanitising it. This allows a malicious page to trigger the vic...
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
React Developer Tools Security Vulnerability
Facebook React Developer Tools is a JavaScript library for building user interfaces from Facebook Inc. A security vulnerability exists in React Developer Tools version v4.27.8, which stems from an extension that registers a message listener in content scripts, where code within the listener does...
PT-2023-32240 · Facebook · React Developer Tools
Name of the Vulnerable Software and Affected Versions: React Developer Tools extension affected versions not specified Description: The React Developer Tools extension has a message listener registered with window.addEventListener'message', in a content script accessible to any active webpage in...
The vulnerability of Mixed Reality Developer Tools for Windows operating systems, which allows a hacker to trigger a service failure.
The vulnerability of Mixed Reality Developer Tools for Windows operating systems is related to improper resource cleanup. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2023-36720
Windows Mixed Reality Developer Tools Denial of Service Vulnerability...
CVE-2023-36720
Windows Mixed Reality Developer Tools Denial of Service Vulnerability...
Denial of service
Windows Mixed Reality Developer Tools Denial of Service Vulnerability...
CVE-2023-36720 Windows Mixed Reality Developer Tools Denial of Service Vulnerability
...
CVE-2023-36720
CVE-2023-36720 is a DoS vulnerability in Windows Mixed Reality Developer Tools with a CVSS v3.1 base score of 7.5 (HIGH). It requires network access, has no user interaction, and does not require privileges, with the impact limited to availability (I/N; A=HIGH). The available sources identify the...
CVE-2023-36720 Windows Mixed Reality Developer Tools Denial of Service Vulnerability
...
PT-2023-6068 · Microsoft · Windows Mixed Reality Developer Tools +1
Name of the Vulnerable Software and Affected Versions: Windows Mixed Reality Developer Tools affected versions not specified Description: The issue is related to incorrect resource cleanup, which can be exploited by a remote attacker to cause a denial of service. Recommendations: At the moment,...
KLA61353 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in HTTP/2 protocol can be exploited remotely to cause...
Microsoft Windows Mixed Reality Developer Tools Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Mixed Reality Developer Tools. An attacker has exploited the vulnerability to cause a denial of service on the...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service attack. Of the vulnerabilities with reference CVE-2023-44487, Microsoft has information that they are being exploited to a limited extent. HTTP/2:...
NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
Description The plugin does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks 1. Create a gallery and upload an image. 2. Add the NextGEN Gallery block to a page and click Edit. Select the Gallery creat...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant himself elevated privileges granted privileges or execute arbitrary code with privileges from the developer. Successful exploitation requires the...
Azure vs. AWS Developer Tools Guide
Azure vs. AWS — which should you use for your DevOps environment? Discover the differences, similarities, and use cases to make an informed decision...
KLA60561 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Visual Studio can be...