Lucene search

4491 matches found

OSV
added 2023/03/07 10:15 p.m. | 1 view

DEBIAN-CVE-2023-1236

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 6.2 | EPSS 0.00459
Exploits: 0 | References: 1

OSV
added 2023/03/07 10:15 p.m. | 3 views

DEBIAN-CVE-2023-1234

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 6.9 | EPSS 0.00707
Exploits: 7 | References: 1

OSV
added 2023/03/07 10:15 p.m. | 1 view

DEBIAN-CVE-2023-1217

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVSS 6.5 | AI score 7.9 | EPSS 0.00524
Exploits: 0 | References: 1

CNNVD
added 2023/03/07 12:0 a.m. | 5 views

Google Chrome security vulnerability

Google Chrome is a web browser from the American company Google. A security vulnerability exists in Google Chrome on Android versions prior to 111.0.5563.64. An attacker can exploit the vulnerability to perform domain spoofing via specially crafted HTML pages...

CVSS 4.3 | AI score 7.1 | EPSS 0.00707
Exploits: 7 | References: 7

CNNVD
added 2023/03/06 12:0 a.m. | 1 view

QuickEntity Editor cross-site scripting vulnerability

QuickEntity Editor is a QuickEntity editor by the individual developer atampy25. A cross-site scripting vulnerability exists in QuickEntity Editor that stems from an unsanitized HTML tag in an entity name...

CVSS 8.2 | AI score 5.9 | EPSS 0.00323
Exploits: 0 | References: 3

BDU FSTEC
added 2023/03/03 12:0 a.m. | 2 views

The vulnerability of the Video components in Microsoft Edge and Google Chrome allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Microsoft Edge and Google Chrome browser’s Video component is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information b...

CVSS 10 | AI score 8 | EPSS 0.00668
Exploits: 0 | References: 11 | Affected Software: 6

BDU FSTEC
added 2023/03/02 12:0 a.m. | 2 views

The vulnerability of the Fortinet FortiNAC network access control mechanism, related to deficiencies in authentication procedures, allows a perpetrator to execute arbitrary code.

The vulnerability of the Fortinet FortiNAC network access control device is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST requests via the HTTP protocol...

CVSS 10 | AI score 8.2 | EPSS 0.01079
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2023/03/01 12:0 a.m. | 2 views

The vulnerability of the GeneralUtility::getIndpEnv() function in the TYPO3 content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the GeneralUtility::getIndpEnv function in the TYPO3 content management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially...

CVSS 8.8 | AI score 6.6 | EPSS 0.00831
Exploits: 1 | References: 9 | Affected Software: 1

BDU FSTEC
added 2023/03/01 12:0 a.m. | 2 views

The vulnerability of the Full Screen Mode implementation of the Google Chrome browser, which allows a hacker to alter the content of the user interface

The vulnerability of Google Chrome’s full-screen mode implementation is related to errors in data type mixing. Exploiting this vulnerability allows a malicious actor to modify the content of the user interface remotely by using a specially crafted HTML page...

CVSS 7.8 | AI score 6.9 | EPSS 0.00514
Exploits: 0 | References: 6 | Affected Software: 3

OSV
added 2023/02/28 6:15 p.m. | 3 views

AZL-25350 CVE-2022-41723 affecting package golang for versions less than 1.19.6-1

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 6.7 | EPSS 0.04561
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/24 3:7 a.m. | 1 view

SUSE CVE-2023-0930

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 9.3 | EPSS 0.00668
Exploits: 0 | References: 6

RedHat Linux
added 2023/02/23 12:1 a.m. | 4 views

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

CVSS 7.5 | AI score 7.1 | EPSS 0.01818
Exploits: 0 | References: 5

OSV
added 2023/02/22 8:15 p.m. | 1 view

DEBIAN-CVE-2023-0928

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 8.2 | EPSS 0.006
Exploits: 0 | References: 1

BDU FSTEC
added 2023/02/21 12:0 a.m. | 4 views

The vulnerability of the HTTP Profile configuration in the BIG-IP application security server virtual machine allows an attacker to cause a service failure.

The vulnerability of the HTTP Profile configuration in the BIG-IP application security server virtual machine allows a malicious actor to cause service interruptions by sending specially crafted requests after the expiration of the resource lease period. Exploiting this vulnerability can enable a...

CVSS 5.9 | AI score 6.2 | EPSS 0.0053
Exploits: 0 | References: 5 | Affected Software: 12

CNNVD
added 2023/02/16 12:0 a.m. | 2 views

Fortinet FortiWeb buffer error vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Fortinet FortiWeb suffers from a buffer overflow vulnerability that can be exploited by an attacker with a specially design...

CVSS 8.8 | AI score 7.7 | EPSS 0.00792
Exploits: 0 | References: 2

Positive Technologies
added 2023/02/16 12:0 a.m. | 8 views

PT-2023-6559

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: The issue is related to a maliciously crafted HTTP/2 stream that could cause excessive CPU consumption in the HPACK decoder, leading to a denial of servic...

CVSS 9.8 | AI score 7.2 | EPSS 0.99951
Exploits: 78 | References: 499

SUSE CVE
added 2023/02/15 6:22 a.m. | 3 views

SUSE CVE-2001-0168

Buffer overflow in AT&T WinVNC Virtual Network Computing server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0...

CVSS 10 | AI score 8 | EPSS 0.7073
Exploits: 3 | References: 2

SUSE CVE
added 2023/02/15 6:21 a.m. | 2 views

SUSE CVE-2003-1302

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters...

CVSS 5 | AI score 7 | EPSS 0.01326
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:17 a.m. | 4 views

SUSE CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks...

CVSS 4.3 | AI score 6.1 | EPSS 0.0123
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:13 a.m. | 1 view

SUSE CVE-2006-7139

Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations...

CVSS 2.6 | AI score 6.8 | EPSS 0.03032
Exploits: 1 | References: 4