ALPINE-CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
CVE-2023-29452
Currently, geomap configuration (Administration - General - Geographical maps) allows using HTML in the field “Attribution text” when the “Other” tile provider is selected...
Mozilla: Use-after-free in WebRTC certificate generation
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...
PT-2023-9534 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite component: Site Hierarchy Flows versions 12.2.3 through 12.2.13 Description: The issue is related to authorization errors in the Site Hierarchy Flows component of Oracle Site Hub in Oracle E-Business Suite. This can be...
DEBIAN-CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
UBUNTU-CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
CVE-2022-29562
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
Siemens RUGGEDCOM ROX input validation error vulnerability
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. An input validation error vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to send an incorrectly formatted HTT...
CVE-2023-3225
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
Milesight UR32L buffer error vulnerability
The Milesight UR32L is a 4G industrial router from China-based Milesight. A security vulnerability exists in the Milesight UR32L version v32.3.0.5, which stems from the use of an insecure sprintf pattern. An attacker could exploit the vulnerability to cause a buffer overflow via a specially craft...
Milesight UR32L buffer error vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L urvpnclient httpconnectionreadcb function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an...
Milesight UR32L buffer error vulnerability
The Milesight UR32L is a 4G industrial router from China-based Milesight. A security vulnerability exists in the Milesight UR32L version v32.3.0.5, which stems from the use of an insecure sprintf pattern. An attacker could exploit the vulnerability to cause a buffer overflow via a specially craft...
ROS-2-2235
2.2235 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
The vulnerability of the Fullscreen application interface of the Google Chrome browser allows an attacker to compromise data integrity.
The vulnerability of the Fullscreen application interface of the Google Chrome browser is related to improper security checks for standard elements. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially created HTML page...
nodejs security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in nodejs that stems from not strictly using CRLF sequences to delimit HTTP requests, which could lead to HTTP request smuggling HRS...
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, is related to insufficient protection of the website structure. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the StruxureWare Data Center Expert monitoring system relates to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack at the final download point of a DCE file, by modifying paramete...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as JavaScript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system...
Zoom Client injection vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.10, which stems from the inclusion of an HTML injection that could cause the Zoom application to crash if a victim begins...
Zoom Client injection vulnerability
Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.10 that stems from the inclusion of an HTML injection, which can be exploited by an attacker to inject HTML into the displa...
WordPress Plugin WP HTML Mail cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...