
5256 matches found

ThreatPost
added 2020/11/26 2:00 p.m., 58 views

Changing Employee Security Behavior Takes More Than Simple Awareness

Security awareness rarely leads to sustained behavior change on its own, according to a recent analysis – meaning that organizations need to proactively develop a robust “human-centered” security program to reduce the number of security incidents associated with poor security behavior. According ...

AI score 0.1
Exploits 0, References 5

CNNVD
added 2020/11/24 12:00 a.m., 6 views

MISP security vulnerability

MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. An ACL checking deficiency vulnerability exists in MISP versions prior to 2.4.135 related to...

CVSS 9.8, AI score 7.3, EPSS 0.01231
Exploits 0, References 3

Veracode
added 2020/11/20 9:57 a.m., 18 views

Cross-Site Scripting (XSS)

Firefox is vulnerable to cross-site scripting (XSS). Removing HTML elements during sanitization would keep existing SVG event handlers, which an attacker could use to subsequently execute arbitrary JavaScript in a user's browser...

CVSS 6.1, AI score 3.2, EPSS 0.01212
Exploits 0, References 5, Affected Software 8

RedhatCVE
added 2020/11/18 1:09 a.m., 27 views

CVE-2020-26956

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1, AI score 2.1, EPSS 0.01212
Exploits 0, References 4

CNNVD
added 2020/11/17 12:00 a.m., 6 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Firefox versions prior to Firefox 83, which stems from the fact that when listening for page changes using a mutation observer, a malicious web page may cause Firefox...

CVSS 6.5, AI score 6.9, EPSS 0.00844
Exploits 0, References 7

OSV
added 2020/11/17 12:00 a.m., 4 views

UBUNTU-CVE-2020-26967

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability...

CVSS 6.5, AI score 7, EPSS 0.00844
Exploits 0, References 5

BDU FSTEC
added 2020/11/12 12:00 a.m., 4 views

A vulnerability in the FXOS operating system, caused by improper neutralization of special elements used in operating system commands, allows an attacker to execute arbitrary commands with root privileges.

The vulnerability in the FXOS operating system exists because special elements used in the operating system's commands are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

CVSS 7.2, AI score 7.2, EPSS 0.00376
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2020/11/12 12:00 a.m., 4 views

A vulnerability in the command-line interface of the FXOS operating system allows an attacker to execute arbitrary code with root privileges.

The vulnerability in the command-line interface of the FXOS operating system exists because special elements used in the operating system's command line are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges...

CVSS 7.2, AI score 7.1, EPSS 0.004
Exploits 0, References 3, Affected Software 3

Node.js
added 2020/11/09 2:24 p.m., 55 views

Cross-Site Scripting in scratch-svg-renderer

Overview: This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Recommendation: Upgrade to version...

CVSS 6.8, AI score 3.2, EPSS 0.06074
Exploits 3, Affected Software 1

BDU FSTEC
added 2020/11/02 12:00 a.m., 3 views

A vulnerability in the jQuery library arises from insufficient sanitization of user-supplied data when elements of the <option> type are passed. This allows attackers to perform cross-site scripting attacks.

The vulnerability in the jQuery library exists because user-supplied data is insufficiently sanitized when elements with the <option> tag are passed to jQuery's DOM methods. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVSS 6.1, AI score 6.5, EPSS 0.8383
Exploits 6, References 31, Affected Software 43

CVE
added 2020/10/27 7:47 p.m., 59 views

CVE-2019-8754

CVE-2019-8754 describes a cross-origin iframe issue in macOS components. The root cause is a cross-origin security origins tracking flaw that could allow a malicious HTML document to render iframes containing sensitive user information. Apple patched this in macOS Catalina 10.15.1 and Security Up...

CVSS 6.5, AI score 6.5, EPSS 0.00439
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2020/10/22 12:00 a.m., 8 views

A vulnerability in the WildFly Java application server, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability in the WildFly application server is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information...

CVSS 5.5, AI score 6.6, EPSS 0.01509
Exploits 0, References 7

BDU FSTEC
added 2020/10/14 12:00 a.m., 5 views

A vulnerability in the FortiSIEM Windows Agent security management system lies in the absence of quotation marks around elements or search paths in the code. This allows attackers to escalate their privileges.

The vulnerability in the FortiSIEM Windows Agent security management system is related to missing quotation marks in the syntax of certain elements or search paths. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 10, AI score 7.7, EPSS 0.01545
Exploits 0, References 3, Affected Software 1

Prion
added 2020/10/12 4:15 p.m., 20 views

Cross-site scripting

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

CVSS 4.3, AI score 6, EPSS 0.00676
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2020/10/09 12:00 a.m., 3 views

A vulnerability in the Cisco IOS XE operating system, related to improper neutralization of special elements used in operating system commands, allows an attacker to escalate their privileges and execute arbitrary code.

The vulnerability in the Cisco IOS XE operating system is related to improper neutralization of special elements used in the operating system's commands. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code...

CVSS 7.7, AI score 7.2, EPSS 0.00357
Exploits 0, References 2, Affected Software 1

NVD
added 2020/10/07 4:15 p.m., 22 views

CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

CVSS 6.1, EPSS 0.04522
Exploits 1, References 6

OSV
added 2020/10/07 4:15 p.m., 45 views

CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

CVSS 6.1, AI score 6.4, EPSS 0.04522
Exploits 1, References 6

Tenable Nessus
added 2020/10/05 12:00 a.m., 30 views

Oracle Linux 8 : thunderbird (ELSA-2020-4155)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. Changelog: 78.3.1-1.0.1 - Update to 68.12.0 build1; 78.3.1-1 - Update to 78.3.1 build1; 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...

CVSS 8.8, AI score 7.8, EPSS 0.01961
Exploits 0, References 5

OSV
added 2020/10/01 7:15 p.m., 7 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

CVSS 6.1, AI score 8
Exploits 0, References 9

Veracode
added 2020/10/01 3:52 a.m., 40 views

Information Disclosure

webkitgtk4 is vulnerable to information disclosure. The vulnerability lies in the drawing of web page elements, which can cause browsing history to be revealed...

CVSS 4.3, AI score 1.3, EPSS 0.01251
Exploits 0, References 5, Affected Software 28