The vulnerability of the Intelligence component of the Oracle Sourcing supply management platform’s RFx Creation platform allows a hacker to gain read, modify, add, or delete access to data.
The vulnerability of the Intelligence component of the Oracle Sourcing supply management platform’s RFx Creation platform is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data using the HTTP...
envoy: Use-after-free when tunneling TCP over HTTP
A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service...
CVE-2022-26627
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file...
The vulnerability of the Expenses component in the Oracle Project Costing calculation service’s CurrencyOverride feature allows a malicious actor to gain unauthorized access to create, modify, or delete data.
The vulnerability of the Expenses component in the Oracle Project Costing calculation service’s CurrencyOverride feature is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to create, modify, o...
The vulnerability of the Kubernetes cluster management software, related to errors in processing hypertext links, allows a hacker to access confidential data.
The vulnerability of the Kubernetes cluster management software is related to errors in processing hypertext links. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
CVE-2022-28648
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...
DEBIAN-CVE-2022-0468
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2022-0467
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
UBUNTU-CVE-2022-0804
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page...
UBUNTU-CVE-2022-0809
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-0608
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2022-0610
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
The vulnerability of the isolated programming environment for the Racket language, related to errors in processing hypertext links, allows attackers to compromise the integrity of data.
The vulnerability of the isolated programming environment Racket is related to errors in processing hypertext links. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
The vulnerability of the filter_var function in the PHP interpreter allows attackers to execute arbitrary code.
The vulnerability of the filter_var function in the PHP interpreter is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted user input...
fenom security vulnerability
fenom is a lightweight and fast PHP template engine. fenom 2.12.1 and earlier versions are vulnerable to code injection, which stems from a failure to properly filter special characters, commands, and other elements used to construct commands in the getTemplateCode function of fenom/src/Fenom/Template.php, which ca...
VulnCheck KEV: CVE-2021-31166
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...
The vulnerability of Google Chrome’s Storage component allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s Storage component is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created HTML page...
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop consuming CPU time. The highest threat from this vulnerability is to system availability.
...
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to type confusion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page...