4405 matches found
DEBIAN-CVE-2019-11713
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
ML Code Injection Vulnerability
Discuz!ML is an open source community forum system based on the Discuz!X engine. A security vulnerability exists in Discuz!ML version 3.2 to 3.4. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...
Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component Access Control Error Vulnerability
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit (AK) is one of the ZFS storage appliance kits. A security vulnerability exists in the HTTP data path subsystems subcomponent of the Sun ZFS Storage AK component version 8.8.3 i...
DEBIAN-CVE-2019-1010279
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c...
Mozilla: HTML parsing error can contribute to content XSS
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Xiaomi Mi6 Browser Authorization Bypass Vulnerability
Xiaomi Mi6 Browser is a web browser from Xiaomi Technology (Xiaomi), a Chinese company. An authorization bypass vulnerability exists in Xiaomi Mi6 Browser. An attacker can exploit this vulnerability to bypass authorization with a specially crafted HTML response...
Mozilla: Use-after-free with HTTP/2 cached stream
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
The vulnerability of ABB’s automation control panels and the PB610 Panel Builder 600 software, which allows an intruder to read and write configuration files of HMI devices or trigger a system restart.
The vulnerabilities of ABB CP620 1SAP520100R0001, CP620 1SAP520100R4001, CP620-WEB 1SAP520200R0001, CP630 1SAP530100R0001, CP630-WEB 1SAP530200R0001CP, CP635 1SAP535100R0001, CP635 1SAP535100R5001, CP635-B 1SAP535100R2001, CP635-WEB 1SAP535200R0001, CP651 1SAP551100R0001, CP651-WEB 1SAP551200R000...
The vulnerability of the web server of the Cisco Integrated Management Controller, a software-based remote management system for servers, allows a perpetrator to trigger a service failure.
The vulnerability of the Cisco Integrated Management Controller, a software-based remote server management system, is related to improper checking of boundaries. Exploiting this vulnerability can allow an attacker to trigger a service failure through a specially created HTTP request...
DEBIAN-CVE-2019-13075
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...
CVE-2018-6148
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2018-6149
Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...
UBUNTU-CVE-2019-5810
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
UBUNTU-CVE-2018-6148
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
The vulnerability of the Cisco Wide Area Application Services Software’s proxy server is related to authentication errors when requesting connections to the HTTPS proxy server. This vulnerability allows a hacker to use the WAAS Central Manager as an HTTPS proxy server.
The vulnerability of the Cisco Wide Area Application Services Software’s proxy server is related to authentication errors when requesting connections to the HTTPS proxy server. Exploiting this vulnerability allows a malicious actor to use the WAAS Central Manager as an HTTPS proxy server by sendi...
ABB PB610 IDAL HTTP server buffer overflow vulnerability
ABB PB610 is software from ABB Switzerland that designs graphical user interfaces for the CP600 control panel platform. The IDAL HTTP server is one of the HTTP (Hypertext Transfer Protocol) servers. A buffer overflow vulnerability exists in the IDAL HTTP server in the ABB PB610 that can be...
[SECURITY] Fedora 29 Update: evince-3.30.2-4.fc29
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, relates to errors in handling HTTP requests. This vulnerability allows an attacker to gain access to protected information.
The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network (EPN) Manager software relates to errors in handling HTTP requests. Exploiting this vulnerability can allow a malicious actor to gain access to protected...
PT-2019-2512 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.3.0 Description: The issue is related to the XMLDecoder component of the Oracle WebLogic Server, which has weaknesses in its deserialization mechanism. This can be exploited by a remot...