4410 matches found
CVE-2017-3934
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver...
Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability
The Cisco Spark Hybrid Calendar Service connects the local Microsoft Exchange calendar to the Cisco Spark cloud for installing meeting times. An unauthenticated, remote attacker views the unencrypted header information of a...
Google Chrome omnibox content spoofing vulnerability (CNVD-2017-33599)
Google Chrome is a web browser developed by Google for Mac, Windows and Linux platforms. Omnibox is one of the real-time search engines. A security vulnerability exists in Omnibox in Google Chrome on Linux, Windows and Mac platforms. A remote attacker can exploit this...
CVE-2017-5104
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page...
UBUNTU-CVE-2017-5088
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page...
UBUNTU-CVE-2017-5117
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
wget: Stack-based buffer overflow in HTTP protocol handling
A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code...
chromium-browser: incorrect stack manipulation in webassembly
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation...
chromium-browser: out of bounds read in skia
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
CVE-2017-10406
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
Atlassian FishEye and Crucible Cross-Site Scripting Vulnerabilities
Atlassian FishEye and Crucible are both products of the Australian company Atlassian. FishEye is a suite of software for deep viewing of source code repositories, and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the administration user deletion resource ...
CVE-2017-12230
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the...
DEBIAN-CVE-2014-2029
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com...
Trend Micro OfficeScan Information Disclosure Vulnerability
Trend Micro OfficeScan is a best-of-breed endpoint security solution for mid-sized and large organizations, with a future-proof, resilient architecture that allows you to customize your threat protection and data protection through plug-ins. An information disclosure vulnerability exists in Trend...
The vulnerability of the “/com.sap.portal.design.datamigration.LogPortalComponent” component of the SAP NetWeaver software integration platform allows a hacker to inject any HTML tags into the page.
The vulnerability of the “/com.sap.portal.design.datamigration.LogPortalComponent” component of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the structure of the web page. This vulnerability allows a malicious actor to inject arbitrary HTML...
Cisco Wide Area Application Services Denial of Service Vulnerability
Cisco Wide Area Application Services (WAAS) is a WAN link acceleration software suite from Cisco (United States). The software is mainly used in low-bandwidth, high-latency link environments. A denial of service vulnerability exists in the HTTP web interface in Cisco WAAS, which...
Cisco Cloud Web Security Security Restriction Bypass Vulnerability
Cisco Cloud Web Security is a network security protection software suite from Cisco (United States). The connector engine is one of its components. A security vulnerability exists in the connector engine in Cisco Cloud Web Security, which stems from the program's failure to properly...
Unspecified vulnerability in Apache Traffic Server HTTP/2 experimental feature
Apache Traffic Server is an efficient, scalable HTTP proxy and caching server from the Apache Software Foundation (United States). An unspecified vulnerability exists in the HTTP/2 experimental feature in Apache Traffic Server versions 5.3.x prior to 5.3.2. No details of the vulnerability ar...
Unspecified Vulnerability in Apache Traffic Server (CNVD-2017-34167)
Apache Traffic Server is an efficient, scalable HTTP proxy and caching server from the Apache Software Foundation (United States). A security vulnerability exists in the HTTP/2 experimental feature in Apache Traffic Server versions 5.3.x prior to 5.3.2. No details of the vulnerability are...
Arbitrary file download vulnerability in EasyAdmin /application/index/controller/index.php page
EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. An arbitrary file download vulnerability exists in the EasyAdmin /application/index/controller/index.php page. An attacker can download system configuration files by...