5838 matches found
chromium -- multiple vulnerabilities
Chrome Releases reports: This release includes 16 security fixes, including: 1148749 High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13 1153595 High CVE-2021-21107: Use after free in drag and drop...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. Google Android OS suffers from a buffer error vulnerability that originates when a networked system or product performs an operation in memory without properly validating data boundaries,...
Unspecified Vulnerability in Google Chrome (CNVD-2021-27274)
Google Chrome is a web browser from Google, an American company. Google chrome has a security vulnerability that stems from insufficient data validation in V8. A remote attacker can exploit the vulnerability to conduct a potential attack by leveraging heap corruption via a crafted HTML page...
Trend Micro IMSVA External Entity Injection (CVE-2020-27017)
An XXE vulnerability exists in Trend Micro InterScan Messaging Virtual Appliance. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction...
cacti -- SQL Injection was possible due to incorrect validation order
Cati team reports: Due to a lack of validation, datadebug.php can be the source of a SQL injection...
Grupo Crk Banking Business Platform Cross-Site Scripting Vulnerability
Grupo Crk Banking Business Platform is a business management software from Grupo Crk, Portugal. A cross-site scripting vulnerability exists in CRK Business Platform version 2019.1 and prior versions, which stems from the application lacking proper validation of client-side data CRK, IDContratante...
WHO COVID-19 Mobile App: Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users
Summary: Note: I noticed that that the team has fixed issues like an XSS that's caused only from a header value typically OOS since it's not directly exploitable https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On th...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient data validation in webUI that allows a local attacker to bypass content security policy via a crafted HTML page...
Privilege Escalation
chromium is vulnerable to privilege escalation. Insufficient data validation in navigation allows a remote attacker who has compromised the renderer process to bypass navigation restrictions via a malicious HTML page...
Information Disclosure
chromium is vulnerable to information disclosure. The vulnerability exists through insufficient data validation in dialogs that allows a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient data validation in media that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Insufficient Data Validation
Insufficient data validation in Omnibox in Google Chrome allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Cross-Site Scripting (XSS)
chromium is vulnerable to cross-site scripting. Insufficient data validation in WebUI allows a remote attacker, who has compromised the renderer process, to inject scripts or HTML into a privileged page via a malicious HTML page...
Authorization Bypass
chromium is vulnerable to authorization bypass. Insufficient data validation in Blink allows an attacker to bypass authorization...
Authorization Bypass
chromium is vulnerable to authorization bypass. The vulnerability exists through insufficient data validation in WASM...
Privilege Escalation
chromium is vulnerable to Privilege Escalation. Insufficient data validation in installer allows a local attacker to elevate privilege via a malicious filesystem...
CVE-2020-15293
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions...
CVE-2020-15292
CVE-2020-15292 affects Bitdefender HVI (VA-9333). The vulnerability stems from lack of validation when reading data from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree. Consequences described in sources include out-of-bou...
CVE-2020-15292 Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor IntPeGetDirectory, TOCTOU IntPeParseUnwindData or insufficie...
(0Day) Eaton EASYsoft E70 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of E70...