1933 matches found
CVE-2021-26566
CVE-2021-26566 affects Synology DiskStation Manager (DSM) via the synorelayd component, where a vulnerability prior to DSM 6.2.3-25426-3 allows a remote attacker to induce insertion of sensitive information into outbound data through inbound QuickConnect traffic, enabling a man‑in‑the‑middle to e...
Remote code execution
Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...
Package Managers Configurations Remote Code Execution Vulnerability
Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...
Caret Editor Input Validation Error Vulnerability
Caret Editor is a Markdown file editor from Caret. Caret Editor before 4.0.0-rc22 suffers from an input validation error vulnerability that stems from a specially crafted Markdown document that could lead to the execution of malicious JavaScript code in the insertion symbol editor...
CVE-2020-35895
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...
Design/Logic Flaw
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...
Rust Buffer Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in stack crate before 0.3.1 for Rust, which stems from ArrayVec having an out-of-bounds write operation via element insertion...
Unsound: can make `ARefss` contain a !Send, !Sync object.
ARefss is a type that is assumed to contain objects that are Send + Sync. In the affected versions of this crate, Send/Sync traits are unconditionally implemented for ARefss. By using the ARefss::map API, we can insert a !Send or !Sync object into ARefss. After that, it is possible to create a da...
Cross site scripting
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
OPENSUSE-SU-2020:1780-1 Security update for MozillaThunderbird and mozilla-nspr
This update for MozillaThunderbird and mozilla-nspr fixes the following issues: Mozilla Thunderbird 78.4: new: MailExtensions: browser.tabs.sendMessage API added; new: MailExtensions: messageDisplayScripts API added; changed: Yahoo and AOL mail users using password authentication will be migrated ...
Unspecified Vulnerability in Oracle Java SE and Oracle Java SE Embedded (CNVD-2020-61055)
Java SE is short for Java Platform Standard Edition, which is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments. Java SE Embedded is based on Java SE and provides specific features and support for embedded systems. An unspecified...
Oracle WebLogic Server Access Control Issue Vulnerability
Oracle WebLogic Server is an Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Unspecified Vulnerability in Oracle E-Business Suite Application Object Library (CNVD-2020-43701)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle, a United States company. The software provides customer relationship management, service management, financial management and other functions. Application Object Library (AOL),...
CVE-2020-12408
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox 77...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith,...
Add new features to Notepad++ using Python scripts: keyboard shortcut to insert current time
I have to say, I spend a lot of time daily in Notepad++ text editor for Windows. I keep my “logbook” there. I record what I am doing now and what needs to be done. This allows me not to keep everything in my head and switch the context more efficiently. I can recommend this to everyone. And it is...