165 matches found
Google Chrome Resource Management Error Vulnerability (CNVD-2021-04393)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that is caused by a use-after-free error in the Google Chrome Extensions component. A remote attacker could create a specially crafted web page, trick a victim int...
Backup File Download Vulnerability in OTCMS
OTCMS Nettie CMS is an article-based web content management system (CMS). OTCMS has a database backup file download vulnerability, which can be exploited by an attacker to obtain the database backup file by generating a logical error in the backup file name part...
Cisco IOS and IOS XE Denial of Service Vulnerability (CNVD-2021-43439)
Cisco IOS and IOS XE are both operating systems developed by Cisco in the United States for its network devices. A denial of service vulnerability exists in the PROFINET feature of Cisco IOS and IOS XE, which can be exploited by an attacker to cause the device to crash and reload by sending...
Google Android WhatsApp Information Disclosure Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). System is one of the system components. Email is one of the email components. WhatsApp is a set of mobile applications that utilize the web to deliver text messages from Google and the Open Handheld...
Unspecified Vulnerability in VMware Spring Cloud Netflix
Spring Cloud Netflix provides integrations for various Netflix OSS components. A security vulnerability exists in VMware Spring Cloud Netflix versions 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and unsupported older versions, which can be exploited by an attacker to send requests to other servers...
Unspecified Vulnerability in CloudBees Jenkins HP ALM Quality Center Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. A security vulnerability exists in...
OpenClinic GA Cross-Site Scripting Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management, laboratory management and other functions. A cross-site scripting vulnerability exists in OpenClinic GA versions 5.09.02 and 5.89.05b, which stems from the lack...
Unspecified Vulnerability in Red Hat OpenShift Service Mesh istio-rhel8-operator
Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat, U.S.A. istio-rhel8-operator is one of the programs used to manage the Istio control plane installation. A security vulnerability exists in...
Squid Denial of Service Vulnerability (CNVD-2021-36603)
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in version 5.x of Squid prior to 5.0.3. An attacker can exploit this vulnerability to...
Linux kernel Linux scheduler logic flaw vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the U.S. Linux scheduler is one of the process scheduling applications. A security vulnerability exists in Linux scheduler in Linux kernel. An attacker can exploit the vulnerability to...
Denial of Service Vulnerability in Multiple NETGEAR Products (CNVD-2021-28036)
NETGEAR SRX5308 and others are products of NETGEAR, Inc. NETGEAR SRX5308 is a VPN firewall device. NETGEAR FVS336G is a VPN (virtual private network) firewall router. NETGEAR FVS318N is a VPN (virtual private network) firewall router. A security vulnerability exists in multiple NETGEAR products. An...
Micro Focus Enterprise Server and Enterprise Developer Insufficient Credential Protection Vulnerability
Micro Focus Enterprise Server and Micro Focus Enterprise Developer are both products of Micro Focus, a British company. Micro Focus Enterprise Server is an enterprise server that provides a deployment environment for mainframe applications. Mic...
WebCalendar 1.1.6 - search.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically...
Ocean12 Calendar Manager 1.0 - Admin Form SQL Injection
source: https://www.securityfocus.com/bid/13279/info Ocean12 Calendar Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromis...
Apple Safari 1.2 Web Browser - TABLE Status Bar URI Obfuscation
source: https://www.securityfocus.com/bid/11573/info A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users th...
Jan Erdmann Jebuch 1.0 - HTML Injection
source: https://www.securityfocus.com/bid/11463/info It is reported that Jebuch is susceptible to an HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. This may allow an attacker to inje...
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection
source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user-supplied HTTP header input before using ...
Darwin Streaming Server denial-of-service vulnerability
An attacker can cause an assertion to trigger by sending a long User-Agent field in a request...
Buffer Overflow in Yahoo messenger Client
Date: Oct 26, 2003 Title: Buffer Overflow in Yahoo messenger Client Vulnerable systems: Yahoo! Messenger version 5.6.0.X Summary: Vulnerability in Yahoo Messenger File Transfer option allows a remote attacker to shut down the victim client. Details: The Yahoo messenger service filters some specia...
PHP-Nuke 6.06.5 Forum Module - viewforum.php SQL Injection
source: https://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a...