5255 matches found
The vulnerability of the NtFilterToken ParentTokenId component in Microsoft Windows operating systems, which allows a hacker to increase their privileges.
The vulnerability of the NtFilterToken ParentTokenId component in Microsoft Windows operating systems is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to increase their privileges...
Cross-site Scripting (XSS)
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing...
The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV lies in the improper elimination of certain elements in the output data used by the incoming component, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV is related to incorrect elimination of special elements in the output data used by the incoming component. Exploitation of this vulnerability can allow...
CVE-2020-10060
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
The vulnerability of the Apache SpamAssassin spam filtering software lies in the lack of measures to neutralize special elements. This allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of the Apache SpamAssassin spam filtering software lies in the lack of measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability can allow a hacker to gain unauthorized access to confidential data, cause service failures, an...
Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-013
The Webform module allows site builders to create forms. The module doesn't sufficiently prevent malicious code from being render via an options elements i.e select menu, checkboxes, radios, etc... under the scenario where the site builder allows the raw option value to be displayed. This...
DEBIAN-CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
UBUNTU-CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
The vulnerability of the Evince document viewing software lies in its inability to eliminate special elements, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the Evince document viewing software is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow a perpetrator to execute arbitrary commands...
PT-2020-8631 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: jQuery version 2.2.2 Description: The issue allows for cross-site scripting XSS attacks via a crafted onerror attribute of an IMG element. Recommendations: For jQuery version 2.2.2, consider disabling the use of the onerror attribute in IMG...
February 10, 2015 update for Office Web Apps Server 2013 (KB2956101)
February 10, 2015 update for Office Web Apps Server 2013 KB2956101 This article describes update KB2956101 for Microsoft Office Web Apps Server 2013 that was released on February 10, 2015. This update has a prerequisite. Improvements and Fixes Improves localization to make sure that the meanings...
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of data set elements. The issue results from the lac...
The vulnerability of the operating system utility package OC SUSE Linux Supportutils lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.
The vulnerability of the operating system utility package for SUSE Linux Supportutils lies in the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows an attacker to execute arbitrary commands by controlling the rp...
Privilege Escalation
openjdk is vulnerable to privilege escalation. It was found that the Java launcher provided by OpenJDK did not check the LDLIBRARYPATH environment variable for insecure empty path elements. A local attacker able to trick a user into running the Java launcher while working from an attacker-writabl...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the way Firefox stored attributes in XML User Interface Language XUL elements. A web site could use this flaw to track users across browser sessions, even if users did not allow the site to store...
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to the lack of measures to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to certain elements that may contain parentheses. Through these elements, it is possible to inject closing tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...
CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
The command-line interface vulnerability of the Cisco Unified Computing System (UCS) Manager software for UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects, and UCS 6400 Series Fabric Interconnects allows a attacker to execute arbitrary code.
The vulnerability of the command-line interface of the Cisco Unified Computing System UCS Manager software for microprogrammed routers in the UCS 6200 Series Fabric Interconnects and UCS 6300 Series Fabric Interconnects is related to the lack of measures taken to neutralize special elements used ...
kernel: buffer-overflow hardening in WiFi beacon validation code.
A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this...
CVE-2020-9521
CVE-2020-9521 affects Micro Focus Service Manager Automation (SMA). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands, impacting SMA versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The connected records confirm the issue and...