Design/Logic Flaw
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This...
CVE-2020-15680
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This...
CVE-2020-15680
CVE-2020-15680 affects Firefox ≤ 82.0 where referencing a valid external protocol handler in an image tag lets an attacker probe if a protocol handler is registered by distinguishing broken image sizes. The underlying issue is an information disclosure vulnerability related to image tag handling ...
UBUNTU-CVE-2020-15680
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This...
Security Vulnerabilities fixed in Firefox 82 — Mozilla
A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. In the crossbeam Rust crate, the bounded channel incorrectly assumed that Vec::from_iter had allocated capacity that was the same as the numbe...
Oracle Linux 7 : curl (ELSA-2020-3916)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3916 advisory. - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 Orabug: 30568724 - CVE-2016-8615 cookie injection for...
CVE-2020-3430 Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this...
Cisco Jabber for Windows Protocol Handler Command Injection (cisco-sa-jabber-vY8M4KGB)
According to its self-reported version, Cisco Jabber for Windows is affected by a Windows Protocol Handler Command Injection vulnerability. The vulnerability exists in the web-based user interface due to improper handling of input to the application protocol handlers. An unauthenticated, remote...
CVE-2020-3495
Cisco Jabber is vulnerable to Cross-Site Scripting (XSS) through XHTML-IM messages. The application does not properly sanitize incoming HTML messages and instead passes them through a flawed XSS filter. Recent assessments: wvu-r7 at September 03, 2020 7:38pm UTC reported: This XSS combined with...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...
chromium-browser: Inappropriate implementation in external protocol handlers
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
CVE-2020-6522
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
Input validation
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficien...
Directory Traversal
Thunderbird is vulnerable to directory traversal. A directory traversal flaw was found in the Thunderbird resource:// protocol handler. Malicious content could cause Thunderbird to access arbitrary files accessible to the user running Thunderbird...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1271)
The remote host is missing an update for the Huawei EulerOS...
CVE-2019-9197
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code...