The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, relates to errors during permission saving, allowing a malicious actor to mistakenly assign a security certificate to an HTTP page.

The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to errors during the saving of permissions. Exploiting this vulnerability could allow a remote attacker to erroneously assign a security certificate to an HTTP page...

The vulnerability of the LOV sub-component of the Oracle Depot Repair component in the Oracle E-Business Suite automation system allows a malicious individual to gain unauthorized access to the device and disclose protected information.

The vulnerability of the LOV sub-component of the Oracle Depot Repair component in the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and disclose protected...

The vulnerability of the Customer Tab sub-component of the Oracle Customers Online component of the Oracle E-Business Suite allows a malicious actor to gain unauthorized access to the device and disclose protected information.

The vulnerability of the Customer Tab sub-component of the Oracle Customers Online component of the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and disclose protected...

The vulnerability of the Document Management sub-component of the Oracle Document Management and Collaboration system, a business automation solution from Oracle E-Business Suite, allows an intruder to gain unauthorized access to the device and disclose protected information.

The vulnerability of the Document Management sub-component of the Oracle Document Management and Collaboration component in the Oracle E-Business Suite system relates to coding errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the devi...

PT-2021-7372 · Python +10 · Python +10

Name of the Vulnerable Software and Affected Versions: Python affected versions not specified Description: A flaw in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat...

DEBIAN-CVE-2021-21233

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2021-21206

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2021-21213

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2021-21226

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

EUVD-2021-8597

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Mozilla: Secure Lock icon could have been spoofed

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Mozilla: Secure Lock icon could have been spoofed

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVE-2021-2314

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Profiles. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP, including ERP Enterprise Resource Planning, HR Human Resource Management, CRM Customer Relationship Management and so on, a collection of management software, is a seamless integration of a management suite.Oracle Universal...

Oracle Financial Services Analytical Applications 安全漏洞

Oracle Financial Services Analytical Applications Infrastructure is the Oracle Financial Services Analytical Applications Infrastructure that powers the Oracle Financial Services Analytical Applications family of products. A security vulnerability exists in the Rules Framework component of Oracle...

Google Chrome 缓冲区错误漏洞

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A security vulnerability exists in Google Chrome that stems from a boundary error in the V8 browser engine when handling untrusted HTML content. No detailed...

Oracle E-Business Suite Oracle Trade Management Quotes 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP, including ERP Enterprise Resource Planning, HR Human Resource Management, CRM Customer Relationship Management and so on, a collection of management software, is seamlessly integrated with a management suite.Oracle Trade...

Oracle Business Intelligence Enterprise Edition 安全漏洞

Oracle Business Intelligence Enterprise Edition OBIEE is a business intelligence BI tool from Oracle Corporation. A security vulnerability exists in the Analytics Actions component in Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0. An attacker could...

wendu dio 注入漏洞

wendu dio is a wendu open source application system . Dart's powerful Http client , it supports interceptor , global configuration , FormData, request cancelation , file downloads, timeout and so on . dio package version 4.0.0 injection vulnerability , an attacker can use the vulnerability to...

Atlassian Jira Server & Data Center 跨站脚本漏洞

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a cross-site scripting vulnerability th...