9182 matches found
Input validation
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page...
CVE-2020-6409
The connected advisories confirm CVE-2020-6409 affects Chromium/Google Chrome "Omnibox" in versions before 80.0.3987.87. The issue is described as an inappropriate Omnibox implementation that lets a remote attacker bypass navigation restrictions by enticing a user to visit a crafted domain name. ...
CVE-2020-6404
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-6409
Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name...
OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...
CVE-2019-19193
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers i...
CVE-2019-17060
The CVE-2019-17060 entry affects the NXP KW41Z BLE stack (MCUXpresso SDK Bluetooth Low Energy Driver 2.2.1 and earlier). The vulnerability arises because the Link Layer header is not properly restricted when LLID = 0, causing the device to execute certain memory contents upon frame reception. Con...
CVE-2020-6397
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...
CVE-2020-6400
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2020-6396
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Cross-site request forgery (CSRF)
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...
CVE-2013-5113
LastPass prior to 2.5.1 has an insecure PIN implementation...
Information disclosure
LastPass prior to 2.5.1 has an insecure PIN implementation...
CVE-2013-5113
CVE-2013-5113 concerns LastPass versions prior to 2.5.1 and an insecure PIN implementation. The vulnerability affects PIN handling in the affected LastPass release(s) and has associated CVSS scores indicating low (2.0) and medium (3.1) impact metrics in different schemes, with local/physical expo...
MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...