20 matches found
EZVIZ APP Security Vulnerability
EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...
EUVD-2018-0766
Malware in sbrugna...
CVE-2024-22069
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords...
PT-2024-19183 · Zte · Zte Zxv10 Xt802/Et301
Name of the Vulnerable Software and Affected Versions: ZTE ZXV10 XT802/ET301 product affected versions not specified Description: The issue is related to a permission and access control vulnerability. Attackers with common permissions can log in to the terminal web and change the administrator's...
Selesta Visual Access Manager Security Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A security vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to modify and receive ID-related computer POST parameters via POST HTTP request interception...
SUSE CVE-2021-20213
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...
SUSE: Security Advisory (SUSE-SU-2022:4058-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Thunderbird Security Advisories (MFSA2022-47, MFSA2022-49) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
DEBIAN-CVE-2021-20213
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...
ALPINE-CVE-2021-20213
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...
UBUNTU-CVE-2021-20213
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...
CVE-2021-20213
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
PT-2021-13844 · Privoxy +3 · Privoxy +3
Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw was found that could result in a crash if accept-intercepted-requests was enabled. This occurs when Privoxy fails to get the request destination from the Host header and a memory allocation...
kubernetes: compromised node could escalate to cluster level privileges
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...
MGASA-2020-0433 Updated thunderbird packages fix security vulnerabilities
Variable time processing of cross-origin images during drawImage calls. CVE-2020-16012 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. CVE-2020-26951 Fullscreen could be enabled without displaying the security UI. CVE-2020-26953 XSS through paste manual...
Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting Vulnerability
Matrix42 Workspace Management version 9.1.2.2765 suffers from a persistent cross site scripting vulnerability. Matrix42 Workspace Management 9.1.2.2765 – Stored Cross-Site Scripting. Identifiers...
The vulnerability of the Cisco Unified Contact Center Express software automation tool, which arises due to insufficient validation of input data, allows attackers to execute cross-site scripting attacks or gain access to confidential information.
The vulnerability of the Cisco Unified Contact Center Express software for automating operator operations exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting attacks or gain access to confidential information ...
CVE-2017-1559
Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758...
CVE-2017-12254
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server...