UBUNTU-CVE-2022-3314

Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

curl 资源管理错误漏洞

curl is a tool for transferring data from or to a server. A security vulnerability exists in curl, which stems from a problem in error/cleanup handling that could result in a double release if a transfer with a non-HTTPS URL is performed using an HTTP proxy...

PT-2022-6771 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 107.0.5304.62 Description: The issue is related to an inappropriate implementation in XML, allowing a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. This is due to insufficient...

GHSA-3R7J-8MQH-6QHX Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack

Impact Using jadx-gui to open a special zip file with entry containing HTML sequence like will cause interface to get stuck and throw exceptions like: java.lang.RuntimeException: Can't build aframeset, BranchElementframeset 1,3 :no ROWS or COLS defined. at...

OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

VMware Reactor Netty 安全漏洞

VMware Reactor Netty is a VMware USA company that provides non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC clients and servers based on the Netty framework. A security vulnerability exists in VMware Reactor Netty versions 1.0.11 through 1.0.23, which stems from logging headers in the presen...

CVE-2022-39411

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Business Process Automation. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

CVE-2022-21636

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Session Management. Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

activemq-artemis: AMQ Broker web console HTML Injection

A security vulnerability was found in ActiveMQ Artemis. This flaw allows an attacker to show malicious content and redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...

The vulnerability of the CERT/CC VINCE software coordination mechanism lies in its lack of measures to neutralize special elements, allowing attackers to inject arbitrary HTML code.

The vulnerability of the CERT/CC VINCE software coordination mechanism exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely, using the “Product Affected” field...

The vulnerability of the ruby-mysql library, related to errors in processing hypertext links, allows attackers to gain access to confidential data.

The vulnerability of the ruby-mysql library is related to errors in processing hypertext links. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...

CVE-2022-41556

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

The vulnerability of the Firefox browser for Android, related to errors in processing hypertext links, allows attackers to gain access to confidential data.

The vulnerability of the Firefox browser for Android is related to errors in processing hypertext links. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

UBUNTU-CVE-2022-2857

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

USN-5629-1 python3.5 vulnerability

It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic...

Nextcloud: XSS in Desktop Client via user status and information

Summary: The Nextcloud Desktop Client application does not properly neutralize the Full Name and Status Message of users before using them. Steps To Reproduce: Server Machine: 1. Install the Nextcloud Server application 2. Log into your account 3. Navigate to your profile page 4. Set the Full Nam...

Apple SwiftNIO Extras 安全漏洞

Apple SwiftNIO Extras is an extension for the SwiftNIO web application framework from Apple Inc. A security vulnerability exists in Apple SwiftNIO Extras, which stems from the fact that if garbage data is appended to the body of an HTTP message, the code will repeatedly attempt to decompress this...

CVE-2022-2635

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...