Oracle Linux 8 : thunderbird (ELSA-2020-4155)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. 78.3.1-1.0.1 - Update to 68.12.0 build1; 78.3.1-1 - Update to 78.3.1 build1; 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...
CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3...
Information Disclosure
webkitgtk4 is vulnerable to information disclosure. The vulnerability exists through the drawing of web page elements that causes browsing history to be revealed...
CVE-2019-20921
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
Cross site scripting
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
The vulnerability of the _is_clamav_binary function in Index.js of the antivirus scanner clamscan allows a malicious user to execute arbitrary commands.
The vulnerability of the _is_clamav_binary function in Index.js of the antivirus scanner clamscan exists because special elements are not properly neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
RUSTSEC-2020-0050 VecCopy allows misaligned access to elements
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...
VecCopy allows misaligned access to elements
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2020-15676
The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...
The vulnerability of the Cisco Jabber Client Framework for Windows software lies in its lack of measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Cisco Jabber Client Framework for Windows software is related to the lack of measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Elementor Addon Elements < 1.6.4 - CSRF & XSS
Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting (XSS) within the admin panel, which could be exploited by using a Cross-Site Request Forgery (CSRF) attack...
WordPress Elementor Addon Elements plugin <= 1.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found by Antony Garand (Sucuri) in WordPress Elementor Addon Elements plugin versions <= 1.6.3. Solution: Update the WordPress Elementor Addon Elements plugin to the latest available version (at least 1.6.3)...
PT-2020-10876 · Twitter · Bootstrap-Select
Name of the Vulnerable Software and Affected Versions: bootstrap-select versions prior to 1.13.6. Description: The issue allows Cross-Site Scripting (XSS) due to the failure to escape title values in OPTION elements. This may enable attackers to execute arbitrary JavaScript in a victim's browser...
@planningcenter/icons (>=3.0.0-7 <=3.0.0-15), feathers-commands (>=0.0.1 <=0.1.4) +11 more potentially affected by unknown CVE via smart-extend (=1.7.4)
smart-extend NPM version =1.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on smart-extend and may be impacted: - @planningcenter/icons =3.0.0-7, =0.0.1, =1.0.4, =1.0.2, =0.0.1, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.0, =1.0.1, =2.0.0, =3.0.5 Source...
The vulnerability of the configuration management system and remote execution capabilities of SaltStack Salt—which exists due to the lack of measures to neutralize special elements—allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of SaltStack Salt’s configuration management system and remote execution capabilities exists because measures to neutralize specific elements are not taken. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, a...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...