Google Chrome memory misreference vulnerability (CNVD-2021-04419)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in "Media" in Google Chrome versions prior to 87.0.4280.141. A remote attacker can exploit the vulnerability to perform sandbox escaping via specially crafted HTML pages...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome prior to version 87.0.4280.141 in "Autofill". A remote attacker can exploit the vulnerability to perform sandbox escaping via specially crafted HTML pages...
DEBIAN-CVE-2020-8287
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
CVE-2019-16962
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...
PT-2024-10821 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 85.0.4183.83. Description: The issue is related to insufficient policy enforcement in Navigation, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could potentially affect a...
Rust Code Injection Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust hyper crate before 0.12.34, which stems from the possibility of HTTP request smuggling. In some cases, remote code can be executed using an HTTP server on a loopback...
PT-2020-17372 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.1; Widgets extension for MediaWiki versions through 1.35.1. Description: An issue was discovered in the Widgets extension for MediaWiki, where any user with the ability to edit pages within the Widgets namespace...
UBUNTU-CVE-2020-35475
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...
Treck TCP/IP Buffer Error Vulnerability
Treck TCP/IP is a TCP/IP (Transmission Control Protocol/Internet Protocol) suite from Treck, Inc. dedicated to embedded systems. A security vulnerability exists in Treck TCP/IP stack version 6.0.1.67 and prior versions, which stems from a vulnerability in the Treck HTTP server...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to inject arbitrary HTML code into users’ browsers.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary HTML code in the user’s browser remotely...
CVE-2020-7549
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP...
PT-2020-19625
Name of the Vulnerable Software and Affected Versions: Modicon M340 (affected versions not specified), Modicon Quantum (affected versions not specified), Modicon Premium (affected versions not specified). Description: A vulnerability exists in the Web Server of the affected device...
OpenAsset Digital Asset Management software Cross-Site Scripting Vulnerability
OpenAsset is a digital asset management software for the website building industry from OpenAsset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...
Schneider Electric Modicon M340 Code Issue Vulnerability
The Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric Modicon M340, which can be exploited by an attacker to compile a request to...
Frappe Framework Input Validation Error Vulnerability
Frappe Technologies Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe Technologies, India. A security vulnerability exists in Frappe Framework 12 and 13 that stems from not properly validating Frappe's HTTP methods...
PHPOffice PhpSpreadsheet Cross-Site Scripting Vulnerability
PHPOffice PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. A security vulnerability exists in version 0.0.0 of phpoffice/phpspreadsheet, which originates from the affected package phpoffice phpspreadsheet from 0.0.0. The library is susceptible to XSS attacks when creatin...
PT-2020-6371 · Schneider Electric · Modicon M340 +2
Name of the Vulnerable Software and Affected Versions: Modicon M340, Modicon Quantum, Modicon Premium (affected versions not specified). Description: The issue is related to insufficient checking of unusual or exceptional conditions in the software of programmable logic controllers. This could allow...
AZL-7384 CVE-2020-17527 affecting package tomcat 9.0.39-6
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
IBM Cloud Pak for Security Information Disclosure Vulnerability
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. An attacker could exploit the vulnerability via a...
The vulnerability of the Segment component in the Oracle Retail Customer Management and Segmentation Foundation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Segment component in Oracle Retail Customer Management and Segmentation Foundation software relates to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP protocol...