5254 matches found
Use-After-Free (UAF)
Firefox, Firefox ESR and Thunderbird are vulnerable to use-after-free vulnerability. Errors in the handling of node adoption while manipulating DOM events and removing audio elements could possibly result in a system crash...
Access Restriction Bypass
JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the...
Arbitrary Code Execution
firefox/thunderbird is vulnerable to arbitrary code execution.A use-after-free vulnerability in the function nsFrameList::FirstChild allows remote attackers to cause a heap memory corruption that would result in arbitrary code execution or application crash by changing the size of the a container...
DEBIAN-CVE-2019-9790
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...
Cross-Site Scripting
Overview Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting...
VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
Cross site scripting
OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store...
CVE-2018-19006
OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store...
CVE-2018-19006
OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store...
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...
The vulnerability of the IMAP component of the PHP programming language interpreter allows attackers to execute arbitrary commands on the operating system.
The vulnerability of the IMAP component of the PHP programming language interpreter is related to insufficient neutralization of special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...
CVE-2018-4319
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
Cross site scripting
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4319
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4319
CVE-2018-4319 describes a cross-origin issue in iframe handling resolved by improved tracking of security origins in WebKit-based components. Affected products include Safari/WebKit on iOS before iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Apple security pag...
CVE-2019-1752
A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit thi...
CVE-2019-7167
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
PT-2019-1717 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software affected versions not specified Description: A vulnerability in the ISDN functions of the software could allow an unauthenticated, remote attacker to cause the device to reload. The issue is due to...
Denial Of Service (DoS)
@angular/platform-browser is vulnerable to denial of service DoS attacks. The vulnerability exists as clobbered elements can freeze the browser, causing DoS attacks...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...