4410 matches found
IBM Cloud Pak for Security security vulnerability
IBM Cloud Pak for Security is an application from IBM USA, Inc., an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster. IBM Cloud Pak for Security has a security vulnerability that could be exploited by a...
chromium-browser: Out of bounds write in ANGLE
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...
LavaLite cross-site scripting vulnerability
LavaLite is an open source lightweight content management system (CMS). A cross-site scripting vulnerability exists in LavaLite CMS version 5.8.0, which can be bypassed by an attacker using an HTML event handler such as "ontoggle"...
The vulnerability of the CPython programming language, related to deficiencies in HTTP request processing, allows attackers to compromise data integrity or cause service failures.
The vulnerability of the CPython programming language in Python is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to compromise data integrity or cause service failures...
CVE-2021-2355
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
Oracle E-Business Suite input validation error vulnerability
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP (Enterprise Resource Planning Management), HR (Human Resource Management), CRM (Customer Relationship Management) and other applications that are seamlessly integrated into one management suite...
PT-2021-3745 · Owasp +1 · Owasp Antisamy +1
Name of the Vulnerable Software and Affected Versions: OWASP AntiSamy versions prior to 1.6.4. Description: The issue allows for cross-site scripting (XSS) attacks via HTML attributes when using the HTML output serializer. This was demonstrated by a javascript: URL, where the colon character was...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, Inc. Google Chrome V8 has a security vulnerability that could be exploited by remote attackers to conduct potential attacks via specially crafted HTML pages using heap corruption...
The vulnerability of the clean module in the lxml library for processing XML and HTML markup lies in its lack of protection measures for website structure. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the clean module in the lxml library for processing XML and HTML markup is related to improper browser emulation. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information...
netty: Request smuggling via content-length header
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...
Mozilla Firefox buffer error vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing HTML content. An attacker could exploit the vulnerability to create a specially crafted web page...
The vulnerability of Google Chrome’s WebGL component, which allows a hacker to trigger a service failure
The vulnerability of Google Chrome’s WebGL component is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause a service failure through a specially created HTML page...
The vulnerability of the htmlParseTryOrFinish function in the HTMLparser.c component of the Libxml2 library arises from reading data beyond the allowed buffer limits. This allows an attacker to access confidential data and also cause a service failure.
The vulnerability of the htmlParseTryOrFinish function in the HTMLparser.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...
elFinder security vulnerability
elFinder is a Drupal-based, open source AJAX file manager. The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in elFinder 2.1.47 and earlier versions, which stems from a command injection vulnerability in the program's P...
The vulnerability of the Adobe InCopy text creation and editing software lies in its lack of path name checking for restricted access directories, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe InCopy text creation and editing software is related to deficiencies in checking the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current user, through a specially craft...
The vulnerability of the Apache OpenOffice office software, related to errors in processing hypertext links, allows a hacker to execute arbitrary code.
The vulnerability of the Apache OpenOffice office software is related to errors in processing hypertext links. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted link within a document...
GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
The vulnerability of the Account Hierarchy Manager component of the Oracle General Ledger financial processing system allows a hacker to gain access to create, modify, or delete data.
The vulnerability of the Account Hierarchy Manager component in the Oracle General Ledger financial processing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to create, modify, or delete data using the HTTP protocol...
The vulnerability of the Mobile Expenses component of the Oracle Internet Expenses financial management application allows a malicious user to gain access to update, modify, or delete data.
The vulnerability of the Mobile Expenses component of the Oracle Internet Expenses financial management application relates to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker to gain access to update, modify, or delete data using the HTTP protocol...