DEBIAN-CVE-2023-0700
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2023-0699
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. Chromium security severity: Medium...
Softr cross-site scripting vulnerability
Softr is a no-code website builder from Softr, Inc. A security vulnerability exists in Softr version v2.0, which stems from the presence of an HTML injection vulnerability via the parameter Work Space Name...
MOXA SDS-3008 security vulnerability
Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from an information disclosure vulnerability that can be exploited by an attacker to send specially crafted HTTP requests resulting in the disclosure of sensitive information...
PT-2023-18848 · Connectwise · Connectwise Control
Name of the Vulnerable Software and Affected Versions: Connectwise Control version 22.8.10013.8329 Description: The login page of Connectwise Control does not implement HSTS headers, which results in not enforcing HTTPS. The vendor's position is that this behavior is controlled by a configuration...
USN-5833-1 python-future vulnerability
Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service...
Wire security vulnerability
Wire is a chat program from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos as well as its original greeting method PING. A security vulnerability exists in versions of the Wire web-app prior to...
Socomec MODULYS GP security vulnerability
Socomec MODULYS GP is a green power device from Socomec, a French company. A security vulnerability exists in Socomec MODULYS GP version 7.20 and prior versions, which stems from its lack of strong encryption of credentials on HTTP connections that could allow threat actors to obtain sensitive...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
CVE-2023-21850
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain component: E-Business Collections. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle E-Business...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
Cisco BroadWorks Application input validation error vulnerability
Cisco BroadWorks Application is an enterprise-class calling and collaboration platform from Cisco USA. A security vulnerability exists in the Cisco BroadWorks Application Delivery Platform that stems from improper input validation when parsing HTTP, which can lead to a denial of service...
CVE-2017-16287
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
UBUNTU-CVE-2023-0130
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
Google Chrome buffer error vulnerability
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from a possible heap buffer overflow in its Network Service that allows an attacker to convince a user to install a malicious extensio...
USN-5796-1 w3m vulnerability
It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code...
PT-2023-14818 · Discourse · Discourse-Mermaid-Theme-Component +1
Name of the Vulnerable Software and Affected Versions: Discourse Mermaid discourse-mermaid-theme-component version 1.0.0 Description: The issue allows users who can create posts to inject arbitrary HTML on that post, using the Mermaid syntax in Discourse, open-source forum software...
UBUNTU-CVE-2022-4025
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. Chrome security severity: Low...
Google Chrome resource management error vulnerability
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions prior to Google Chrome 100.0.4896.75, which stems from the presence of a use-after-free in the history, allowing remote attackers to potentially exploit heap corruption via a craft...