8216 matches found

RedhatCVE
added 2020/03/29 8:8 p.m., 48 views

CVE-2019-15030

A flaw was found in the Linux kernel on the PowerPC platform where a local user can read vector registers of other user processes via a Facility Unavailable exception. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupte...

4.4 CVSS | 2.6 AI score | 0.00451 EPSS
Exploits: 1 | References: 3

CNVD
added 2020/03/27 12:0 a.m., 1 views

Memory Corruption Vulnerability in DCCE HMIware at Dalian Polytechnic Computer Control Engineering Co.

DCCE HMIware configuration editing software is human-machine interface configuration software developed for DCCE touch screens. The software provides users with a powerful integrated development environment, and the product is widely used in the field of medical, chemical, electric power,...

7 AI score
Exploits: 0

OSV
added 2020/03/25 6:5 p.m., 3 views

DRUPAL-CONTRIB-2020-008

The SVG Image module allows uploading SVG files. The module did not sufficiently protect against malicious code inside SVG files, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to upload an SVG file...

6.6 AI score
Exploits: 0 | References: 1

CNVD
added 2020/03/25 12:0 a.m., 1 views

Arbitrary File Read Vulnerability in AppVision's Video Surveillance System

Applusoft specializes in UHD, ultra-long focus, multi-spectral, thermal imaging products, technical services and overall customized solutions. AppVision's video surveillance system has an arbitrary file reading vulnerability, the vulnerability is due to its video surveillance backend does not do...

6.9 AI score
Exploits: 0

CNVD
added 2020/03/25 12:0 a.m., 4 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-30402)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to obtain thumbnails of content in private mode...

5.3 CVSS | 6.5 AI score | 0.00345 EPSS
Exploits: 0 | References: 1

OSV
added 2020/03/24 10:15 p.m., 1 views

DEBIAN-CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1 CVSS | 7.2 AI score | 0.01301 EPSS
Exploits: 1 | References: 1

PyPA
added 2020/03/24 10:15 p.m., 4 views

PYSEC-2020-28

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1 CVSS | 6.3 AI score | 0.01301 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2020/03/24 3:6 p.m., 5 views

GHSA-M6XF-FQ7Q-8743 Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag

Impact: A mutation XSS affects users calling bleach.clean with all of: the svg or math in the allowed/whitelisted tags; an RCDATA tag (see below) in the allowed/whitelisted tags; the keyword argument strip=False. Patches: Users are encouraged to upgrade to bleach v3.1.2 or greater. Workarounds: modify...

6.1 CVSS | 6.8 AI score | 0.01301 EPSS
Exploits: 1 | References: 8

ripstech
added 2020/03/24 11:0 a.m., 28 views

ImpressCMS 1.3.11 - Why you should not trust PHP_SELF

We scanned the at the time current version 1.3.11 of ImpressCMS and found an unauthorized SQL Injection vulnerability. The exploit affects installations that use PDO as a database driver. The issue was fixed in version 1.4.0, though the patch does not follow best practices and might not be...

7.7 AI score
Exploits: 0

IBM Security Bulletins
added 2020/03/23 8:41 p.m., 40 views

Security Bulletin: IBM Integration Bus is affected by a Open Source Apache Tomcat Vulnerability (CVE-2017-5664)

Summary: IBM Integration Bus has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2017-5664. DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by t...

7.5 CVSS | 0.6 AI score | 0.16567 EPSS
Exploits: 1 | Affected Software: 1

ThreatPost
added 2020/03/23 6:27 p.m., 87 views

Microsoft Warns of Critical Windows Zero-Day Flaws

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...

9.1 AI score | 0.0552 EPSS
Exploits: 1 | References: 11

OSV
added 2020/03/18 7:15 p.m., 1 views

DEBIAN-CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...

6.5 CVSS | 7.8 AI score | 0.08005 EPSS
Exploits: 0 | References: 1

OSV
added 2020/03/17 7:12 p.m., 1 views

USN-4306-1 dino-im vulnerabilities

It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs...

7.5 CVSS | 7.1 AI score | 0.02385 EPSS
Exploits: 2 | References: 5

CNVD
added 2020/03/17 12:0 a.m., 1 views

Fuji Xerox printers buffer overflow vulnerability

Fuji Xerox is the world's largest manufacturer of digital and information technology products and a Fortune 500 company. Fuji Xerox series of printer products can meet a variety of different business needs. A wide range of black and white color digital printers offer high performance and quality....

10 CVSS | 7.6 AI score | 0.02813 EPSS
Exploits: 0 | References: 1

CNVD
added 2020/03/12 12:0 a.m., 4 views

Microsoft Windows Graphics Component Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Graphics Components is one of the graphics components. A privilege vulnerability exists in...

7.8 CVSS | 6.8 AI score | 0.01092 EPSS
Exploits: 0 | References: 1

Hacker One
added 2020/03/11 3:26 p.m., 60 views

Glassdoor: web.xml configuration file disclosure

Information disclosed via https://www.glassdoor.com/web.xml which has been resolved. Thanks, @stregh for your report and find. Looking forward to more reports from you. CVE-2021-34429 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N...

5 CVSS | 0.3 AI score | 0.99298 EPSS
Exploits: 6

OSV
added 2020/03/11 2:15 p.m., 3 views

CVE-2020-10376

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...

9.8 CVSS | 5.8 AI score | 0.01064 EPSS
Exploits: 0 | References: 1

Prion
added 2020/03/10 8:15 p.m., 15 views

Cross site scripting

A vulnerability has been identified in Spectrum Power™ 5 All versions v5.50 HF02. The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to...

4.3 CVSS | 5.7 AI score | 0.00766 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/10 7:16 p.m., 24 views

CVE-2020-7579

A vulnerability has been identified in Spectrum Power™ 5 All versions v5.50 HF02. The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to...

5.7 AI score | 0.00766 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2020/03/09 2:35 p.m., 3 views

kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception

A flaw was found in the Linux kernel on the PowerPC platform where a local user can read vector registers of other user processes via a Facility Unavailable exception. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupte...

4.4 CVSS | 7.1 AI score | 0.00451 EPSS
Exploits: 1 | References: 4