Lucene search
K

5256 matches found

CVE
CVE
added 2020/12/31 8:21 a.m.57 views

CVE-2020-35904

CVE-2020-35904 affects the Rust crate crossbeam-channel prior to version 0.4.4. The issue is an incorrect assumption about the relationship between memory allocation and the number of elements produced by an iterator, leading to unsound behavior when the Vec is reconstructed from a raw pointer ba...

5.5CVSS7.2AI score0.00388EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/31 8:21 a.m.44 views

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

5.4AI score0.00388EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/12/29 12:0 a.m.4 views

The vulnerability of the IBM Cloud Pak for Security (CP4S) platform, related to the lack of measures to neutralize special elements, allows a hacker to execute arbitrary code.

The vulnerability of the IBM Cloud Pak for Security CP4S platform is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...

9CVSS7.2AI score0.01591EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/12/22 5:15 p.m.13 views

Improper access control

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

4CVSS4.5AI score0.00692EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.3 views

The vulnerability of TP-LINK TL-WR849N router’s microprogramming software lies in the lack of measures taken to neutralize the special elements used in operating system teams. This allows a hacker to execute arbitrary commands.

The vulnerability of TP-LINK’s TL-WR849N router software relates to the lack of measures taken to neutralize special elements used in operating system teams. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands using special metashell shells...

10CVSS8.1AI score0.42047EPSS
Exploits4References3
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.3 views

The vulnerability of the Rake::FileList class implementation in the Rake tool for automating the compilation of software code allows a attacker to execute arbitrary commands.

The vulnerability of the Rake::FileList class implementation in the Rake tool for automating the compilation of software code is related to the lack of measures taken to eliminate special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute...

6.9CVSS7.1AI score0.01359EPSS
Exploits1References14Affected Software6
CNVD
CNVD
added 2020/12/21 12:0 a.m.3 views

Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-00391)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in FireFox versions prior to FireFox 83, which stems from the fact that when listening for page changes using a mutation observer, a malicious web page may cause Firefox...

6.5CVSS8.7AI score0.00844EPSS
Exploits0References1
Node.js
Node.js
added 2020/12/18 10:54 p.m.76 views

Cross-Site Scripting

Overview Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Recommendation Upgrade to version 2.0.17 or...

4.3CVSS1.9AI score0.04522EPSS
Exploits1Affected Software1
OSV
OSV
added 2020/12/18 10:51 p.m.326 views

GHSA-63Q7-H895-M982 Cross-site Scripting in dompurify

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.2AI score0.04522EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2020/12/15 7:2 p.m.3 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
BDU FSTEC
BDU FSTEC
added 2020/12/11 12:0 a.m.2 views

The vulnerability of the Xstream Java library for converting objects to XML or JSON format arises from the lack of measures taken to eliminate special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of the Java library for converting objects to XML or JSON format, Xstream, exists due to the lack of measures taken to eliminate special elements used in the operating system command. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

8CVSS7.2AI score0.85001EPSS
Exploits7References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/12/11 12:0 a.m.2 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 browser allows a hacker to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.3CVSS8.4AI score0.02826EPSS
Exploits0References14Affected Software5
BDU FSTEC
BDU FSTEC
added 2020/12/10 12:0 a.m.3 views

The vulnerability of Google Chrome web browser’s file system allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s file system is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.6CVSS8.1AI score0.00858EPSS
Exploits0References10Affected Software6
OSV
OSV
added 2020/12/09 1:15 a.m.4 views

CVE-2020-26967

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability...

6.5CVSS7.1AI score
Exploits0References2
Amazon
Amazon
added 2020/12/09 12:0 a.m.52 views

Critical: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9.8CVSS8.9AI score0.42597EPSS
Exploits4
Talos
Talos
added 2020/12/09 12:0 a.m.53 views

Foxit Reader Javascript Field fileSelect Use After Free Vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS8.7AI score0.66678EPSS
Exploits1
Veracode
Veracode
added 2020/12/06 3:5 a.m.24 views

Sandbox Restrictions Bypass

chromium is vulnerable to arbitrary code execution. Incorrect lifetime handling in HTML select elements allows a remote attacker to perform a sandbox escape via a malicious HTML page...

9.6CVSS4.2AI score0.01457EPSS
Exploits0References10Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/12/03 12:0 a.m.7 views

The vulnerability in the subscription subsystem of Cisco AsyncOS allows a hacker to increase their privileges.

The vulnerability of the subscription subsystem for Cisco AsyncOS relates to the lack of measures to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.8CVSS6.2AI score0.00788EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/12/03 12:0 a.m.6 views

The vulnerability of the Drupal CMS system’s kernel allows a hacker to execute arbitrary code.

The vulnerability of the Drupal CMS system’s kernel is related to insufficient cleaning of special elements in the output data used by the incoming components. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.9CVSS8AI score0.04269EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/02 12:0 a.m.10 views

DOM Elements Excluded

Some DOM elements matched one or more entries in the DOM Exclusion list and therefore were excluded from interactions. No source data...

7.4AI score
Exploits0
Rows per page
Query Builder