Microsoft Edge (Chromium) < 81.0.416.64 Multiple Vulnerabilities

The version of Microsoft Edge Chromium installed on the remote Windows host is prior to 81.0.416.64. It is, therefore, affected by multiple vulnerabilities: - Out of bounds read and write in PDFium in Microsoft Edge Chromium allowed a remote attacker to potentially exploit heap corruption via a...

CVE-2020-15899

Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble...

Input validation

Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble...

CVE-2020-15899

CVE-2020-15899 affects Grin:1 Grin 3.0.0 before 4.0.0 with insufficient validation of data related to Mimblewimble. Root cause: inadequate data validation in the Mimblewimble data path. Impact (per sources): availability impact (partial) and potential crash (CNVD note). Upstream mitigation: upgra...

OSIsoft PI Vision Cross-Site Scripting Vulnerability (CNVD-2020-44877)

OSIsoft PI Vision is a suite of visualization tools from OSIsoft, Inc. that supports accessing PI System data from mobile devices. It supports self-configuration of trends, images, data values, and more in order to present data information. A cross-site scripting vulnerability exists in OSIsoft P...

IBM Intelligent Operations Center Cross-Site Scripting Vulnerability (CNVD-2020-44876)

IBM Intelligent Operations Center IOC is a suite of city operations solutions from IBM in the United States. The product features data visualization and real-time collaboration. A cross-site scripting vulnerability exists in IBM Intelligent Operations Center IOC, which stems from the lack of prop...

SilverStripe Cross-Site Scripting Vulnerability (CNVD-2020-42956)

SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . Silverstripe 4.5 and previous versions of cross-site scripting vulnerability. The...

CVE-2020-15103

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data th...

Mida Solutions eFramework Cross-Site Scripting Vulnerability

Mida Solutions eFramework is a suite of unified communications and collaboration services from Mida Solutions, Italy. A cross-site scripting vulnerability exists in Mida Solutions eFramework version 2.9.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by...

Mida Solutions eFramework Cross-Site Scripting Vulnerability (CNVD-2020-42663)

Mida Solutions eFramework is a suite of unified communications and collaboration services from Mida Solutions, Italy. A cross-site scripting vulnerability exists in Mida Solutions eFramework version 2.9.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:1061-1 Rating: important References: 1174189 Cross-References: CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519...

CVE-2020-10917

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of...

CVE-2020-6535

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

DEBIAN-CVE-2020-6535

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

CVE-2020-6535

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

CVE-2020-6535

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

CVE-2020-6535

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

CVE-2020-6535

CVE-2020-6535 affects Google Chrome/WebUI where insufficient data validation in the WebUI allowed a renderer-compromised attacker to inject scripts/HTML into a privileged page via a crafted HTML page. The vulnerability targets Chrome versions prior to 84.0.4147.89. Public sources in connected doc...

CVE-2020-6535

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

Adobe Photoshop MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...