5255 matches found
Default configuration
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...
CVE-2014-8328
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...
CVE-2014-8328
The CVE-2014-8328 issue affects the TYPO3 Dynamic Content Elements (dce) extension prior to version 0.11.5. The vulnerability arises from the extension’s update check functionality, which could disclose sensitive installation environment information to remote attackers. The in-scope detail confir...
CVE-2020-5230
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...
SQL injection
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...
kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to a wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...
[SECURITY] Fedora 30 Update: gnulib-0-31.20200107git.fc30
The GNU portability library is a macro system and C declarations and definitions for commonly-used API elements and abstracted system behaviors. It can be used to improve portability and other functionality in your programs...
A vulnerability in the Quality Management module of the SAP R/3 system stems from a failure to neutralize special elements used in SQL queries, allowing attackers to disclose sensitive information.
A vulnerability in the SAP Quality Management module of the SAP R/3 system exists because special elements used in SQL queries are not neutralized. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information by sending a...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
UBUNTU-CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
VulnCheck KEV: CVE-2019-17026
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements...
A vulnerability in the McAfee Advanced Threat Defense software stems from a failure to neutralize special elements, allowing attackers to execute arbitrary commands.
A vulnerability in the McAfee Advanced Threat Defense security tool exists because special elements are not neutralized. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands by sending specially crafted HTTP...
CVE-2019-19691
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability...
CVE-2019-19691
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability...
CVE-2019-8769
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...
CVE-2019-8769
CVE-2019-8769 concerns WebKit: an issue in the drawing of web page elements could allow leakage of browsing history when visiting a malicious site. Public fixes span multiple platforms and projects: Apple webkit (iOS 13.1/iPadOS 13.1 and macOS Catalina 10.15), WebKitGTK/WebKitGTK+ (e.g., webkitgt...
CVE-2019-8769
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...
A vulnerability in the NAT Port Mapping Protocol implementation in the TP-Link M7350 router firmware stems from a failure to neutralize special elements used in operating system commands. This vulnerability allows an attacker to execute arbitrary commands.
A vulnerability in the NAT Port Mapping Protocol (NAT-PMP) implementation of the TP-Link M7350 router software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
A vulnerability in the Port Triggering function of the TP-Link M7350 device firmware stems from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
A vulnerability in the Port Triggering function of the TP-Link M7350 router software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the Internal Port component of the TP-Link M7350 router firmware stems from a failure to neutralize special elements used in operating system commands. This vulnerability allows an attacker to execute arbitrary commands.
A vulnerability in the Internal Port component of the TP-Link M7350 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary...