4510 matches found

OSV
added 2024/09/23 10:15 p.m. · 1 view

DEBIAN-CVE-2024-7019

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 4.9 · EPSS 0.00258
Exploits 1 · References 1
RedHat Linux
added 2024/09/23 1:54 a.m. · 0 views

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.01414
Exploits 0 · References 7
RedHat Linux
added 2024/09/23 1:53 a.m. · 0 views

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.01414
Exploits 0 · References 7
BDU FSTEC
added 2024/09/20 12:0 a.m. · 3 views

The vulnerability of the Reporter Widget component in the Veeam ONE monitoring software allows an attacker to execute arbitrary HTML code.

The vulnerability of the Reporter Widgets component of the Veeam ONE monitoring software lies in the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

CVSS 9 · AI score 7.6 · EPSS 0.00384
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/09/18 8:15 p.m. · 1 view

CVE-2024-43025

An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail...

CVSS 6.1 · AI score 5.8 · EPSS 0.00308
Exploits 0 · References 3
Positive Technologies
added 2024/09/18 12:0 a.m. · 3 views

PT-2024-39302 · Circutor · Circutor Q-Smt

Name of the Vulnerable Software and Affected Versions: CIRCUTOR Q-SMT version 1.0.4 Description: An attacker with access to the network where the CIRCUTOR Q-SMT is located could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol,...

CVSS 8.8 · AI score 6.9 · EPSS 0.0038
Exploits 0 · References 8
CNNVD
added 2024/09/18 12:0 a.m. · 3 views

CIRCUTOR Q-SMT security vulnerability

CIRCUTOR Q-SMT is an industrial hardware device from CIRCUTOR, Inc. A security vulnerability exists in CIRCUTOR Q-SMT version 1.0.4, which stems from the implementation of the HTTP protocol only, and allows an attacker to access the host network and obtain legitimate credentials or steal sessions...

CVSS 8.8 · AI score 6.8 · EPSS 0.0038
Exploits 0 · References 2
OSV
added 2024/09/17 9:15 p.m. · 2 views

DEBIAN-CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 · AI score 7.3 · EPSS 0.0032
Exploits 0 · References 1
BDU FSTEC
added 2024/09/17 12:0 a.m. · 3 views

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to corrupt dynamic memory.

Vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers. Exploiting this vulnerability can allow a remote attacker to corrupt dynamic memory through a specially crafted HTML page...

CVSS 10 · AI score 7.2 · EPSS 0.17227
Exploits 2 · References 13 · Affected Software 7
SUSE CVE
added 2024/09/13 4:5 a.m. · 3 views

SUSE CVE-2021-21155

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS 9.6 · AI score 9.5 · EPSS 0.01324
Exploits 1 · References 6
BDU FSTEC
added 2024/09/13 12:0 a.m. · 2 views

The vulnerability in the Google Chrome web browser, related to reading data beyond the allowed buffer size, allows a hacker to gain access to confidential data.

The vulnerability in the Google Chrome web browser relates to reading data from the buffer beyond its allowable limits. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data through a specially created HTML page...

CVSS 7.8 · AI score 6.7 · EPSS 0.00233
Exploits 1 · References 7 · Affected Software 3
Microsoft CVE
added 2024/09/11 7:0 a.m. · 2 views

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

...

CVSS 7.5 · AI score 7 · EPSS 0.05157
Exploits 0
OSV
added 2024/09/08 12:15 p.m. · 4 views

CVE-2024-42342

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

CVSS 4.3 · AI score 5.8 · EPSS 0.00264
Exploits 0 · References 1
RedHat Linux
added 2024/09/03 11:45 a.m. · 2 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered in the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limits on the number of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS 7.5 · AI score 7.2 · EPSS 0.91969
Exploits 1 · References 7
OSV
added 2024/08/30 11:8 a.m. · 3 views

OESA-2024-2069 netty3 security update

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...

CVSS 9.1 · AI score 6.9 · EPSS 0.13474
Exploits 3 · References 4
Patchstack
added 2024/08/30 2:48 a.m. · 2 views

WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated (Contributor+) PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Betheme versions <= 27.5.6...

CVSS 8.8 · AI score 7.3 · EPSS 0.00623
Exploits 0 · References 1 · Affected Software 1
Redos
added 2024/08/28 12:0 a.m. · 21 views

ROS-20240827-07

A vulnerability in the UnlinkedWikibase extension of MediaWiki, a software tool for implementing hypertext environments, is related to improper input neutralization during web page creation. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks...

CVSS 9.8 · AI score 6.8 · EPSS 0.00473
Exploits 0
Positive Technologies
added 2024/08/28 12:0 a.m. · 3 views

PT-2024-31668 · Htmldoc +3 · Htmldoc +3

Name of the Vulnerable Software and Affected Versions: HTMLDOC versions prior to 1.9.19 Description: The issue is related to an out-of-bounds write in the parse paragraph function in ps-pdf.cxx due to an attempt to strip leading whitespace from a whitespace-only node. This flaw can lead to a...

CVSS 10 · AI score 5.9 · EPSS 0.01202
Exploits 9 · References 69
CNNVD
added 2024/08/27 12:0 a.m. · 3 views

Hitachi Energy MicroSCADA X SYS600 security vulnerability

Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. A security vulnerability exists in Hitachi Energy MicroSCADA ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00316
Exploits 0 · References 2
CNNVD
added 2024/08/27 12:0 a.m. · 3 views

Multiple ELECOM products buffer error vulnerability

ELECOM WRC-X3000GS2-W and others are products of ELECOM. ELECOM WRC-X3000GS2-W is a wireless router. ELECOM WRC-X3000GS2-B is a gigabit router. ELECOM WRC-X3000GS2A-B is a gigabit router. A buffer error vulnerability exists in various ELECOM products that originates from the processing of specially...

CVSS 9.8 · AI score 9 · EPSS 0.00943
Exploits 0 · References 4