4511 matches found
IBM Security QRadar Security Vulnerability
IBM Security QRadar is a modernized threat detection and response solution from International Business Machines (IBM), designed to unify and integrate the security analyst experience and improve response speed throughout the incident lifecycle. IBM Security QRadar suffers from an HTML...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 requests in the Kestrel server. An attacker can execute arbitrary code by sending specially crafted HTTP/3 requests that exploit the data corruption issue. Remediation: Upgrade...
CVE-2023-50181
An improper access control vulnerability (CWE-284) in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read-only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests...
RailsAdmin Security Vulnerability
RailsAdmin is a Rails engine from the US Rails team that provides an easy-to-use interface to manage your data. A security vulnerability exists in RailsAdmin that stems from incorrect escaping of the HTML title attribute...
PT-2024-28446 · Traefik +1
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3. Description: The issue allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. This occurs because HTTP/3 servers process...
The vulnerability of the SwiftShader library in Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code.
The vulnerability of the SwiftShader library in Microsoft Edge and Google Chrome browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created HTML page...
CVE-2024-28182
...
CVE-2024-5737
The script afGdStream.php in the AdmirorFrames Joomla! extension doesn’t specify a content type, and as a result the default text/html is used. An attacker may embed HTML tags directly in image data, which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...
Admiror Frames Security Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Admiror Frames versions prior to 5.0, which stems from a script in the extension that does not specify the content type, and could allow an attacker to embed HTML tags...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered in the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the number of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Strip component in Google Chrome prior to version 126.0.6478.54 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Type confusion in WebAssembly in Google Chrome prior to version 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2024-6291
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
OpenCart Security Vulnerabilities
OpenCart is an open source e-commerce system by the OpenCart team in Hong Kong, China. The system provides modules for product reviews, product ratings, product additions, etc. A security vulnerability exists in OpenCart that stems from the presence of...
CVE-2024-35778
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.17...
SUSE CVE-2024-6102
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows a perpetrator to execute arbitrary code on the target system.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using a specially created HTML page...
The vulnerability of the Tab Strip control elements in Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Tab Strip control elements in Microsoft Edge and Google Chrome is related to buffer overflows in the “bucket” mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by using a specially created HTML page...
The vulnerability of the Dawn component in Microsoft Edge and Google Chrome browsers allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Dawn component in Microsoft Edge and Google Chrome lies in the improper security checks for standard elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information through a special...
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows a perpetrator to execute arbitrary code on the target system.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using a specially created HTML page...