16 matches found
MiracleLinux 7 : xorg-x11-server-1.20.4-99.0.1.el7.AXS7 (AXSA:2025-10843:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10843:03 advisory. CVE-2025-26594: refuse to free the root cursor and keep its ref - CVE-2025-26595: fix buffer overflow in XkbVModMaskText - CVE-2025-26596: xkb: fix...
CVE-2025-59987
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
EUVD-2025-33380
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59987
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59987
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59987 Junos Space: The arbitrary device search field is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59987 Junos Space: The arbitrary device search field is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59987
Summary: CVE-2025-59987 describes an XSS vulnerability in Juniper Networks Junos Space prior to version 24.1R4. An attacker can inject script tags in the arbitrary device search field, which, when visited by another user, may execute commands with the target’s permissions (including administrator...
PT-2025-41423
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos Space versions prior to 24.1R4. Description: An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...
CLSA-2025-1756409662 xorg-x11-server: Fix of 8 CVEs
CVE-2025-26594: refuse to free the root cursor and keep its ref - CVE-2025-26595: fix buffer overflow in XkbVModMaskText - CVE-2025-26596: xkb: fix computation of XkbSizeKeySyms - CVE-2025-26597: xkb: fix buffer overflow in XkbChangeTypesOfKey - CVE-2025-26598: Xi: Fix barrier device search -...
CVE-2022-45432
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could perform an unauthenticated search for devices in a range of IPs from remote DSS Serve...
AZL-57301 CVE-2025-26598 affecting package xorg-x11-server 1.20.10-6
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...
CVE-2022-45432
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could perform an unauthenticated search for devices in a range of IPs from remote DSS Serve...
CVE-2019-15810
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter...
Design/Logic Flaw
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter...
US Journalist Detained When Returning to US
Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted...