
5259 matches found

Tenable Nessus
added 2020/10/05 12:00 a.m. · 30 views

Oracle Linux 8 : thunderbird (ELSA-2020-4155)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. 78.3.1-1.0.1 - Update to 68.12.0 build1 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...

8.8 CVSS · 7.8 AI score · 0.01961 EPSS
Exploits 0 · References 5

OSV
added 2020/10/01 7:15 p.m. · 7 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1 CVSS · 8 AI score
Exploits 0 · References 9

Veracode
added 2020/10/01 3:52 a.m. · 40 views

Information Disclosure

webkitgtk4 is vulnerable to information disclosure. The vulnerability exists through the drawing of web page elements that causes browsing history to be revealed...

4.3 CVSS · 1.3 AI score · 0.01251 EPSS
Exploits 0 · References 5 · Affected Software 28

NVD
added 2020/09/30 6:15 p.m. · 19 views

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

6.1 CVSS · 0.01738 EPSS
Exploits 0 · References 5

OSV
added 2020/09/30 6:15 p.m. · 17 views

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 5

Prion
added 2020/09/30 6:15 p.m. · 19 views

Cross site scripting

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

4.3 CVSS · 6.1 AI score · 0.01738 EPSS
Exploits 0 · References 4 · Affected Software 1

RedhatCVE
added 2020/09/30 4:17 p.m. · 25 views

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

6.1 CVSS · 5.3 AI score · 0.01738 EPSS
Exploits 0 · References 5

Cvelist
added 2020/09/30 12:30 p.m. · 30 views

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

6.2 AI score · 0.01738 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2020/09/29 12:00 a.m. · 5 views

The vulnerability of the _is_clamav_binary function in Index.js of the antivirus scanner clamscan allows a malicious user to execute arbitrary commands.

The vulnerability of the _is_clamav_binary function in Index.js of the antivirus scanner clamscan exists because special elements are not properly neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.1 CVSS · 7.8 AI score · 0.02122 EPSS
Exploits 1 · References 6 · Affected Software 1

OSV
added 2020/09/27 12:00 p.m. · 26 views

RUSTSEC-2020-0050 VecCopy allows misaligned access to elements

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...

5.5 CVSS · 5.3 AI score · 0.00374 EPSS
Exploits 1 · References 3

RustSec
added 2020/09/27 12:00 p.m. · 25 views

VecCopy allows misaligned access to elements

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...

5.5 CVSS · 2.3 AI score · 0.00374 EPSS
Exploits 1 · Affected Software 1

RedHat Linux
added 2020/09/23 4:12 p.m. · 3 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9 CVSS · 6.6 AI score · 0.8383 EPSS
Exploits 6 · References 6

RedhatCVE
added 2020/09/22 8:48 p.m. · 35 views

CVE-2020-15676

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1 CVSS · 1.2 AI score · 0.01594 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2020/09/11 12:00 a.m. · 6 views

The vulnerability of the Cisco Jabber Client Framework for Windows software lies in its lack of measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Cisco Jabber Client Framework for Windows software is related to the lack of measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9 CVSS · 8.3 AI score · 0.03902 EPSS
Exploits 0 · References 2 · Affected Software 1

WPVulnDB
added 2020/09/09 12:00 a.m. · 13 views

Elementor Addon Elements < 1.6.4 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting (XSS) within the admin panel, which could be exploited by using a Cross-Site Request Forgery (CSRF) attack...

2.2 AI score
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2020/09/09 12:00 a.m. · 7 views

WordPress Elementor Addon Elements plugin <= 1.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability found by Antony Garand (Sucuri) in WordPress Elementor Addon Elements plugin versions <= 1.6.3. Solution: Update the WordPress Elementor Addon Elements plugin to the latest available version at least 1.6.3...

2 AI score
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2020/09/03 12:00 a.m. · 3 views

PT-2020-10876 · Twitter · Bootstrap-Select

Name of the Vulnerable Software and Affected Versions: bootstrap-select versions prior to 1.13.6. Description: The issue allows Cross-Site Scripting (XSS) due to the failure to escape title values in OPTION elements. This may enable attackers to execute arbitrary JavaScript in a victim's browser...

6.1 CVSS · 6.5 AI score · 0.01738 EPSS
Exploits 0 · References 14

vulnersOsv
added 2020/09/02 4:02 p.m. · 6 views

@planningcenter/icons (>=3.0.0-7 <=3.0.0-15), feathers-commands (>=0.0.1 <=0.1.4) +11 more potentially affected by unknown CVE via smart-extend (=1.7.4)

smart-extend NPM version =1.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on smart-extend and may be impacted: - @planningcenter/icons =3.0.0-7, =0.0.1, =1.0.4, =1.0.2, =0.0.1, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.0, =1.0.1, =2.0.0, =3.0.5 Source...

5.8 AI score
Exploits 0

BDU FSTEC
added 2020/08/19 12:00 a.m. · 5 views

The vulnerability of the configuration management system and remote execution capabilities of SaltStack Salt—which exists due to the lack of measures to neutralize special elements—allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of SaltStack Salt’s configuration management system and remote execution capabilities exists because measures to neutralize specific elements are not taken. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, a...

9.8 CVSS · 8 AI score · 0.15106 EPSS
Exploits 0 · References 7 · Affected Software 4

RedHat Linux
added 2020/08/12 11:45 a.m. · 3 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

7.8 CVSS · 7.1 AI score · 0.00435 EPSS
Exploits 0 · References 4