PT-2020-4374 · Microsoft · Office Excel +1
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: A remote code execution issue exists in Microsoft Excel software due to its failure to properly handle objects in memory. This could allow an attacker to run arbitrary code in the...
PT-2020-4377 · Microsoft · Office Excel +2
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: A remote code execution issue exists in Microsoft Excel software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of...
Informatica: Cross-site Scripting (XSS) - DOM - iqcard.informatica.com
Hello all, I found a DOM-based XSS at iqcard.informatica.com. Description: After finding the path iqcard.informatica.com/pub/fujitsu/fm3v2/player/attach.html, I noticed that the code inside attach.html was vulnerable to DOM XSS, due to the fact of the javascript document.location function. search. T...
Sheng Zhang-Slice App has Denial of Service Vulnerability
Moment is a social chat app. A denial-of-service vulnerability exists in the Zhangsheng-Slice Moment app, which can be exploited by an attacker to cause a running application to crash...
UBUNTU-CVE-2020-13339
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...
PT-2023-27226 · Libvips +3 · Libvips +3
Name of the Vulnerable Software and Affected Versions: libvips versions 8.14.3 or earlier. Description: A specially crafted SVG input can cause libvips to segfault when attempting to parse a malformed UTF-8 character. libvips is a demand-driven, horizontally threaded image processing library...
WarezTheRemote: Turning Remotes into Listening Devices
Television remotes have gotten little attention as a potential attack vector – despite being one of the most common household devices you can find...
Oracle Linux 7 : OpenEXR (ELSA-2020-4039)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4039 advisory. - fix CVE-2020-11764 1833552 - fix CVE-2020-11763 1833566 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...
CVE-2020-24569
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...
Sql injection
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...
Authentication flaw
Improper Authentication vulnerability in WAGO 750-8XX series with FW version = FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO...
OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...
RHEL 7 : OpenEXR (RHSA-2020:4039)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4039 advisory. OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This...
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
...
UBUNTU-CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...