8219 matches found

OSV
added 2021/03/11 7:15 p.m. · 3 views

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

CVSS 5.4 · AI score 6.1
Exploits: 0 · References: 1
Positive Technologies
added 2021/03/11 12:0 a.m. · 3 views

PT-2021-6079 · Rpm +8

Name of the Vulnerable Software and Affected Versions: RPM (affected versions not specified). Description: The issue is related to insufficient authentication of data in the RPM software's signature check functionality. This allows an attacker to potentially corrupt the RPM database and execute code...

CVSS 7.5 · AI score 6.7 · EPSS 0.01706
Exploits: 0 · References: 84
NVD
added 2021/03/10 5:15 p.m. · 15 views

CVE-2021-0386

In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-17342111...

CVSS 7.8 · EPSS 0.00347
Exploits: 0 · References: 1
OSV
added 2021/03/10 5:15 p.m. · 1 views

CVE-2021-0386

In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-17342111...

CVSS 7.8 · AI score 7.2 · EPSS 0.00347
Exploits: 0 · References: 1
CNNVD
added 2021/03/10 12:0 a.m. · 4 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation in the United States. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to trigger a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00933
Exploits: 0 · References: 4
Tenable Nessus
added 2021/03/10 12:0 a.m. · 40 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected by multiple vulnerabilities: - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...

CVSS 5.5 · AI score 6.9 · EPSS 0.01793
Exploits: 3 · References: 4
NVD
added 2021/03/09 3:15 p.m. · 11 views

CVE-2021-27589

When a user opens manipulated Scalable Vector Graphics .SVG format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS 7.8 · EPSS 0.01242
Exploits: 0 · References: 3
OSV
added 2021/03/09 3:15 p.m. · 2 views

CVE-2021-27589

When a user opens manipulated Scalable Vector Graphics .SVG format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS 7.8 · AI score 6.1
Exploits: 0 · References: 3
Prion
added 2021/03/09 3:15 p.m. · 13 views

Design/Logic Flaw

When a user opens manipulated Scalable Vector Graphics .SVG format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS 6.8 · AI score 7.5 · EPSS 0.01242
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2021/03/09 2:12 p.m. · 13 views

CVE-2021-27589

When a user opens manipulated Scalable Vector Graphics .SVG format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS 4.3 · AI score 7.8 · EPSS 0.01242
Exploits: 0 · References: 3
CNNVD
added 2021/03/09 12:0 a.m. · 3 views

SAP 3D Visual Enterprise Viewer Security Vulnerability

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. A denial of service vulnerability exists in SAP 3D Visual Enterprise Viewer 9. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability by means of a specially crafted .SVG...

CVSS 7.8 · AI score 5.6 · EPSS 0.01242
Exploits: 0 · References: 5
PyPA
added 2021/03/05 12:15 p.m. · 4 views

PYSEC-2021-127

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

CVSS 5.4 · AI score 7 · EPSS 0.86393
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2021/03/05 11:2 a.m. · 3 views

OESA-2021-1065 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 6.5 · AI score 6.7 · EPSS 0.04969
Exploits: 1 · References: 3
FireEye
added 2021/03/04 12:0 a.m. · 128 views

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary: In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromis...

AI score 1
Exploits: 0 · References: 2
ThreatPost
added 2021/03/03 7:29 p.m. · 38 views

Home-Office Photos: A Ripe Cyberattack Vector

That photo that appears when someone disables his or her Zoom video, or those photos of a remote worker’s home office shared on Instagram may seem innocuous and playful. However, they could become ammunition for threat actors to launch targeted scams and put personal and critical data at risk, a...

AI score 6.8
Exploits: 0 · References: 5
vulnersOsv
added 2021/03/03 2:23 a.m. · 2 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-21320 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-21320 Source advisory: OSV:GHSA-52MQ-6JCV-J79X...

CVSS 4.3 · AI score 5.8 · EPSS 0.00922
Exploits: 0
BDU FSTEC
added 2021/03/02 12:0 a.m. · 6 views

The vulnerability of the library for working with SVG images in Apache Batik, related to incorrect processing of data in the “xlink:href” attribute, allows attackers to perform CSRF attacks.

The vulnerability of the Apache Batik library for working with SVG images is related to improper processing of data in the “xlink:href” attribute. Exploiting this vulnerability can allow a remote attacker to perform CSRF attacks using specially crafted GET requests...

CVSS 7.8 · AI score 6.5 · EPSS 0.1074
Exploits: 0 · References: 8 · Affected Software: 17
Prion
added 2021/02/26 2:15 a.m. · 11 views

Hardcoded credentials

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS 4.3 · AI score 6 · EPSS 0.00753
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2021/02/26 2:15 a.m. · 5 views

UBUNTU-CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS 6.1 · AI score 6.8 · EPSS 0.00753
Exploits: 0 · References: 6
CVE
added 2021/02/26 1:51 a.m. · 164 views

CVE-2021-23974

CVE-2021-23974 affects Mozilla Firefox earlier than version 86. The root cause is improper handling of elements by the DOMParser API, enabling a mXSS vector that could bypass HTML sanitizers. Affected/related advisories (e.g., MFSA2021-07) confirm the DOMParser issue among Firefox vulnerabilitie...

CVSS 6.1 · AI score 6.3 · EPSS 0.00753
Exploits: 0 · References: 3 · Affected Software: 1