Astra Linux – Vulnerability in Chromium

A heap buffer overflow in Skia in Google Chrome prior to version 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Type Confusion in V8 in Google Chrome before version 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2024-8932

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescape function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

The vulnerability of the ccmdebug_m() function in the microprogramming software for the Annke Crater 2 (F300) camera allows a intruder to execute arbitrary commands.

The vulnerability of the ccmdebugm function in the Annke Crater 2 F300 IP camera software lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a...

CVE-2024-9526

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...

Oracle Agile PLM Framework 安全漏洞

Oracle Agile PLM Framework is a framework product from Oracle Corporation. A security vulnerability exists in Oracle Agile PLM Framework version 9.3.6 that originates from allowing an attacker to gain unauthorized access to critical data via HTTP over the network...

UBUNTU-CVE-2021-1494

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this...

WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin NIX Anti-Spam Light versions = 0.0.4...

Important: perl-App-cpanminus

Issue Overview: The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. CVE-2024-45321 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section...

SUSE CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

The vulnerability of component E1 in the IOT Orchestrator Security application of JD Edwards EnterpriseOne allows a attacker to disclose protected information.

The vulnerability of component E1 in the JD Edwards EnterpriseOne Orchestrator Security application relates to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose sensitive information using the HTTP protocol...

DEBIAN-CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

Security update for curl

This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

Symfony 注入漏洞

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony. Symfony suffers from an injection vulnerability that stems from allowing the separation of a PHP application from its global state...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 30.0.6723.116, which originates from a heap corruption vulnerability that can be exploited by a remote attacker with the help of specially crafted hypertext markup language pages...

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code.

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome is related to insufficient testing of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML page from a remote location...

CVE-2024-48352

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID...

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV042, RV042G, RV320, and RV325 allows a hacker to execute arbitrary code or cause service interruptions.

The vulnerability of the web interface for managing microprogrammed software routers of Cisco Small Business RV042, RV042G, RV320, and RV325 stems from the escape of operations beyond the buffer in memory, resulting from insufficient validation of input data during HTTP packet processing...