
5254 matches found

Veracode
added 2019/05/02 5:51 a.m. · 24 views

Use-After-Free (UAF)

Firefox, Firefox ESR and Thunderbird are vulnerable to a use-after-free vulnerability. Errors in the handling of node adoption while manipulating DOM events and removing audio elements could possibly result in a system crash...

CVSS 9.8 · AI score 9.1 · EPSS 0.21401
Exploits: 6 · References: 13 · Affected Software: 3

Veracode
added 2019/05/02 4:43 a.m. · 39 views

Access Restriction Bypass

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the...

CVSS 10 · AI score 6 · EPSS 0.6477
Exploits: 7 · References: 11 · Affected Software: 204

Veracode
added 2019/05/02 4:41 a.m. · 28 views

Arbitrary Code Execution

firefox/thunderbird is vulnerable to arbitrary code execution. A use-after-free vulnerability in the function nsFrameList::FirstChild allows remote attackers to cause a heap memory corruption that would result in arbitrary code execution or application crash by changing the size of a container...

CVSS 9.3 · AI score 9.7 · EPSS 0.04527
Exploits: 0 · References: 16 · Affected Software: 3

OSV
added 2019/04/26 5:29 p.m. · 2 views

DEBIAN-CVE-2019-9790

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8 · AI score 9.2 · EPSS 0.01838
Exploits: 0 · References: 1

Node.js
added 2019/04/18 9:13 p.m. · 16 views

Cross-Site Scripting

Overview: Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting...

AI score 6.6
Exploits: 0 · Affected Software: 1

Zero Day Initiative
added 2019/04/17 12:00 a.m. · 23 views

VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVSS 2.8 · AI score 2.1 · EPSS 0.01045
Exploits: 0 · References: 1

Prion
added 2019/04/08 3:29 p.m. · 11 views

Cross site scripting

OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store...

CVSS 3.5 · AI score 4.7 · EPSS 0.00699
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2019/04/08 3:29 p.m. · 16 views

CVE-2018-19006

OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store...

CVSS 4.8 · AI score 4.8 · EPSS 0.00699
Exploits: 0 · References: 1

Cvelist
added 2019/04/08 2:30 p.m. · 21 views

CVE-2018-19006

OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store...

AI score 4.8 · EPSS 0.00699
Exploits: 0 · References: 1

Cvelist
added 2019/04/05 5:26 p.m. · 16 views

CVE-2019-10887

A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...

AI score 6.3 · EPSS 0.05817
Exploits: 5 · References: 3

BDU FSTEC
added 2019/04/04 12:00 a.m. · 3 views

The vulnerability of the IMAP component of the PHP programming language interpreter allows attackers to execute arbitrary commands on the operating system.

The vulnerability of the IMAP component of the PHP programming language interpreter is related to insufficient neutralization of special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...

CVSS 8.5 · AI score 7 · EPSS 0.9523
Exploits: 6 · References: 8 · Affected Software: 3

OSV
added 2019/04/03 6:29 p.m. · 9 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 8.1 · AI score 7.8
Exploits: 0 · References: 5

Prion
added 2019/04/03 6:29 p.m. · 18 views

Cross site scripting

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 5.8 · AI score 7.2 · EPSS 0.01075
Exploits: 0 · References: 5 · Affected Software: 4

Cvelist
added 2019/04/03 5:43 p.m. · 21 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

AI score 7.8 · EPSS 0.01075
Exploits: 0 · References: 5

CVE
added 2019/04/03 5:43 p.m. · 152 views

CVE-2018-4319

CVE-2018-4319 describes a cross-origin issue in iframe handling resolved by improved tracking of security origins in WebKit-based components. Affected products include Safari/WebKit on iOS before iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Apple security pag...

CVSS 8.1 · AI score 7.4 · EPSS 0.01075
Exploits: 0 · References: 5 · Affected Software: 4

OSV
added 2019/03/28 12:29 a.m. · 1 view

CVE-2019-1752

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit thi...

CVSS 7.5 · AI score 7.2 · EPSS 0.02516
Exploits: 0 · References: 2

NVD
added 2019/03/27 2:29 a.m. · 24 views

CVE-2019-7167

Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...

CVSS 7.5 · AI score 7.6 · EPSS 0.01705
Exploits: 0 · References: 3

Positive Technologies
added 2019/03/27 12:00 a.m. · 3 views

PT-2019-1717 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the ISDN functions of the software could allow an unauthenticated, remote attacker to cause the device to reload. The issue is due to...

CVSS 8.6 · AI score 7.7 · EPSS 0.02516
Exploits: 0 · References: 5

Veracode
added 2019/03/26 2:14 a.m. · 8 views

Denial Of Service (DoS)

@angular/platform-browser is vulnerable to denial of service (DoS) attacks. The vulnerability exists as clobbered elements can freeze the browser, causing DoS attacks...

AI score 6.4
Exploits: 0

NVD
added 2019/03/21 4:01 p.m. · 31 views

CVE-2019-9870

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...

CVSS 9.8 · AI score 9.5 · EPSS 0.01846
Exploits: 0 · References: 2