8219 matches found
CVE-2021-23974
The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...
Cross-site Scripting(XSS)
firefox is vulnerable to cross-site scripting The DOMParser API did not properly process elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer...
AutoTrace Input Validation Error Vulnerability
AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. An input validation error vulnerability exists in Autotrace version 0.31.1, which arises from a networked system or product that does not properly validate incoming data. No detailed vulnerability details ar...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway (CVE-2020-14803, CVE-2020-27221)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway These issues were disclosed as part of the IBM Java SDK updates in January, 2021. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE coul...
RUSTSEC-2021-0050 swap_index can write out of bounds and return uninitialized memory
swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...
Security Bulletin: A security vulnerability in Node.js nodemailer module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js nodemailer module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the recipient email...
CVE-2020-35852
Chatbox is affected by cross-site scripting XSS. An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS...
Mozilla Firefox < 86.0
The version of Firefox installed on the remote Windows host is prior to 86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-07 advisory. - Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present ...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...
misc::vec_with_size() can drop uninitialized memory if clone panics
misc::vecwithsize creates a vector of the provided size and immediately calls vec.setlensize on it, initially filling it with uninitialized memory. It then inserts elements using veci = value.clone. If the value.clone call panics, uninitialized items in the vector will be dropped leading to...
CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...
Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2020-14782 was disclosed as part of the Oracle October 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...