4417 matches found
Telesquare TLR-2005KSH security vulnerability
Telesquare TLR-2005KSH is an SK Telecom LTE router from Telesquare Korea. Telesquare TLR-2005KSH is vulnerable to an access control error, which can be exploited by attackers to upload arbitrary files, including HTML and CGI formats...
AZL-33638 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
The vulnerability of Google Chrome’s cookie handling mechanism, related to authentication errors, allows a violator to circumvent existing access restriction policies.
The vulnerability of Google Chrome’s cookie handling mechanism is related to authentication errors. Exploiting this vulnerability allows a remote attacker to circumvent existing policies regarding access restrictions for HTML elements through a specially created HTML page...
The vulnerability of Google Chrome’s Navigation function, related to the lack of a mechanism for verifying the source, allows attackers to manipulate the content of the address bar.
The vulnerability of Google Chrome’s Navigation function is related to a lack of mechanisms for verifying the source of the content. Exploiting this vulnerability could allow a malicious actor to manipulate the URL input by using a specially created HTML page...
ROS-2-2177
2.2177 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
CVE-2021-4057
Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-38020
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2021-4059
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2021-38011
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21877
Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...
The vulnerability of the Mojo messaging library in Microsoft Edge and Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of the Mojo messaging library in Microsoft Edge and Google Chrome lies in the insufficient validation of input data during the processing of HTML content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created malicious web...
PT-2021-23300 · TP-Link · TP-Link AX10v1
Name of the Vulnerable Software and Affected Versions: TP-Link AX10v1 versions prior to V1 211117 Description: A misconfiguration in the HTTP/1.0 and HTTP/1.1 protocols of the web interface allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigur...
The vulnerability of the Google Chrome browser’s WebUI user interface allows a hacker to circumvent existing access restrictions.
The vulnerability in the user interface of Google Chrome’s WebUI exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to circumvent existing access restrictions by using a specially created HTML page...
The vulnerability of Google Chrome’s WebView component allows a hacker to bypass existing security restrictions by using a specially created HTML page.
The vulnerability of Google Chrome’s WebView component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created HTML page...
The vulnerability of the Google Chrome browser’s Media component, caused by a numerical overflow, allows a malicious actor to trigger an overflow in the buffer through a specially created HTML page.
The vulnerability of the Google Chrome browser’s Media component is caused by a numerical overflow condition. Exploiting this vulnerability allows an attacker to trigger the overflow by using a specially created HTML page...
undertow: potential security issue in flow control over HTTP/2 may lead to DOS
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability...
netty: possible request smuggling in HTTP/2 due to missing validation
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
The vulnerability of ArcGIS Server, related to improper handling of code generation, allows an attacker to execute arbitrary HTML code.
The vulnerability of ArcGIS Server is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...