Design/Logic Flaw

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-2857

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

AZL-10819 CVE-2022-1271 affecting package gzip for versions less than 1.12-1

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Jenkins discloses project names via fingerprints

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request...

USN-5064-2 cpio vulnerability

USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...

FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd

Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization CWE-362 and one of authentication bypass by capture-replay CWE-294, may allow a remote unauthenticated attacker to...

Stack overflow

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...

ROS-2-1825

2.1825 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

Google Android Denial of Service Vulnerability (CNVD-2021-78778)

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. a denial-of-service vulnerability exists in the Framework component of Google Android. A remote attacker can exploit this vulnerability to cause a denial of service...

QSAN Storage Manager Access Control Error Vulnerability (CNVD-2021-48979)

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An access control error vulnerability exists in FirmwareUpgrade in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker could exploit this vulnerability to reboot and disrupt the device...

White Shark System (WSS) SQL Injection Vulnerability

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A SQL injection vulnerability exists in White Shark...

CVE-2021-20728

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

Jira Server and Jira Data Center cross-site scripting vulnerability (CNVD-2021-44763)

Atlassian JIRA Server and Jira Server & Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. The system is mainly used for tracking and managing all kinds of problems and defects in the workplace.Jira Server & Dat...

Google Chrome post-release reuse vulnerability (CNVD-2021-41140)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability in WebAuthentication in versions prior to Google Chrome 91.0.4472.77 can be exploited by a remote attacker to corrupt the rendere...

Shopizer Cross-Site Scripting Vulnerability

Shopizer is a Java open source e-commerce software. A stored cross-site scripting vulnerability exists in Shopizer versions prior to 2.17.0. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the customername in various forms managed by the store...

Samsung Email Information Disclosure Vulnerability (CNVD-2021-39551)

Samsung Email application is a cell phone application from Samsung South Korea. It provides the function of sending and receiving e-mail. An information disclosure vulnerability exists in versions prior to Samsung Email 6.1.41.0, which can be exploited by a remote attacker to obtain attachments t...

CVE-2021-21222

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

ASUS BMC Firmware Security Feature Issue Vulnerability (CNVD-2021-36011)

ASUS BMC Firmware is a firmware from Asus China. The ASUS BMC Firmware suffers from a security signature issue vulnerability that stems from a buffer overflow vulnerability due to the Radius configuration function failing to validate the length of a user-entered string. A remote attacker could...