4410 matches found
Apache Dubbo Code Issue Vulnerability
Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation of the United States. It provides interface-based remote calling, fault tolerance and load balancing, and automated service registration and discovery. A security vulnerability exists in Apache...
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
UBUNTU-CVE-2021-30596
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CLSA-2021-1629902677 Fix of CVE: CVE-2020-14058, CVE-2020-15049
CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service. CVE-2020-15049: fix incorrect validation of Content-Length field leading to HTTP smuggling and poisoning attack...
python: Unsafe use of eval() on data retrieved via HTTP in the test suite
In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP...
Vulnerabilities fixed in multiple implementations of HTTP/2
A PortSwigger researcher has discovered vulnerabilities in several implementations of HTTP/2. The researcher has demonstrated that it is possible to manipulate HTTP/2 requests. When the front-end of an application uses HTTP/2 and forwards the request to the back-end, a downgrade to HTTP/1 takes...
Vulnerability fixed in Firefox and Thunderbird
Mozilla has fixed a vulnerability in Thunderbird and Firefox. The vulnerability can be exploited with a so-called HTTP Response Splitting attack. In this attack, the malicious party manages to replace the original content of an HTTP response with rogue content. Mozilla has released updates to fix...
USN-5042-1 haproxy vulnerabilities
It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...
AZL-6483 CVE-2021-33193 affecting package httpd for versions less than 2.4.52-1
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...
The vulnerability of the Mozilla Firefox browser, which allows a hacker to execute arbitrary code on the target system
The vulnerability of the Mozilla Firefox browser is related to a boundary error in the processing of HTML content. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely, as well as cause memory corruption...
Microsoft Edge Resource Management Error Vulnerability
Chrome is a web browsing tool developed by Google. A use-after-free vulnerability exists in WebRTC in versions of Google Chrome prior to 92.0.4515.159. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
WordPress Plugin Security Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. There is a security vulnerability in the...
A vulnerability in the WebGL component of the Google Chrome web browser allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability in the WebGL component of the Google Chrome browser is related to buffer overflows during the processing of HTML content. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code by opening a malicious web page...
A vulnerability in AntiSamy, a library for fast, customizable HTML cleanup, related to the lack of measures taken to protect the structure of web pages, allows attackers to carry out cross-site scripting attacks.
The vulnerability in AntiSamy, a library for fast, customizable cleanup of HTML, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to carry out cross-site scripting attacks...
Actix-http Environment Issue Vulnerability
Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...
HCC Embedded InterNiche Buffer Error Vulnerability
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche. The vulnerability stems from the code in the TCP/IP stack that parses HTTP POST requests and can be exploited by an attacker to cause a heap buffer overflow...
DEBIAN-CVE-2021-30588
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-30582
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
CVE-2021-33527
In MB connect line mbDIALUP versions = 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service...