
1933 matches found

CVE
added 2021/02/26 9:45 p.m. | 105 views

CVE-2021-26566

CVE-2021-26566 affects Synology DiskStation Manager (DSM) via the synorelayd component, where a vulnerability prior to DSM 6.2.3-25426-3 allows a remote attacker to induce insertion of sensitive information into outbound data through inbound QuickConnect traffic, enabling a man‑in‑the‑middle to e...

CVSS: 9 | AI score: 9.2 | EPSS: 0.01442
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2021/02/25 11:15 p.m. | 29 views

Remote code execution

Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...

CVSS: 6.8 | AI score: 8.7 | EPSS: 0.02148
Exploits: 0 | References: 1

Microsoft CVE
added 2021/02/09 8:0 a.m. | 86 views

Package Managers Configurations Remote Code Execution Vulnerability

Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...

CVSS: 8.4 | AI score: 8.9 | EPSS: 0.02148
Exploits: 0

CNNVD
added 2021/01/25 12:0 a.m. | 5 views

Caret Editor Input Validation Error Vulnerability

Caret Editor is a Markdown file editor from Caret. Caret Editor before 4.0.0-rc22 suffers from an input validation error vulnerability that stems from a specially crafted Markdown document that could lead to the execution of malicious JavaScript code in the insertion symbol editor...

CVSS: 10 | AI score: 7.5 | EPSS: 0.04685
Exploits: 0 | References: 8

NVD
added 2020/12/31 10:15 a.m. | 20 views

CVE-2020-35895

An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...

CVSS: 10 | AI score: 9.6 | EPSS: 0.01844
Exploits: 0 | References: 1

Prion
added 2020/12/31 10:15 a.m. | 15 views

Design/Logic Flaw

An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...

CVSS: 10 | AI score: 9.5 | EPSS: 0.01844
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/12/31 8:23 a.m. | 35 views

CVE-2020-35895

An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...

AI score: 9.6 | EPSS: 0.01844
Exploits: 0 | References: 1

CNNVD
added 2020/12/31 12:0 a.m. | 8 views

Rust Buffer Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in stack crate before 0.3.1 for Rust, which stems from ArrayVec having an out-of-bounds write operation via element insertion...

CVSS: 10 | AI score: 5.8 | EPSS: 0.01844
Exploits: 0 | References: 2

RustSec
added 2020/12/01 12:0 p.m. | 21 views

Unsound: can make `ARefss` contain a !Send, !Sync object.

ARefss is a type that is assumed to contain objects that are Send + Sync. In the affected versions of this crate, Send/Sync traits are unconditionally implemented for ARefss. By using the ARefss::map API, we can insert a !Send or !Sync object into ARefss. After that, it is possible to create a da...

CVSS: 4.7 | AI score: 0.2 | EPSS: 0.00242
Exploits: 1 | Affected Software: 1

Prion
added 2020/11/16 3:15 p.m. | 11 views

Cross site scripting

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00799
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/11/16 12:15 p.m. | 29 views

CVE-2020-7773

This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01346
Exploits: 1 | References: 3

OSV
added 2020/10/30 8:35 p.m. | 2 views

OPENSUSE-SU-2020:1780-1 Security update for MozillaThunderbird and mozilla-nspr

This update for MozillaThunderbird and mozilla-nspr fixes the following issues:
- Mozilla Thunderbird 78.4
  - new: MailExtensions: browser.tabs.sendMessage API added
  - new: MailExtensions: messageDisplayScripts API added
  - changed: Yahoo and AOL mail users using password authentication will be migrated ...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.0262
Exploits: 0 | References: 12

CNVD
added 2020/10/23 12:0 a.m. | 4 views

Unspecified Vulnerability in Oracle Java SE and Oracle Java SE Embedded (CNVD-2020-61055)

Java SE is short for Java Platform Standard Edition, which is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments. Java SE Embedded is based on Java SE and provides specific features and support for embedded systems. An unspecified...

CVSS: 5.8 | AI score: 7.4 | EPSS: 0.02203
Exploits: 0 | References: 1

CNVD
added 2020/10/22 12:0 a.m. | 4 views

Oracle WebLogic Server Access Control Issue Vulnerability

Oracle WebLogic Server is application service middleware from Oracle for cloud and traditional environments. It provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

CVSS: 6.8 | AI score: 9 | EPSS: 0.01939
Exploits: 0 | References: 1

CNVD
added 2020/07/15 12:0 a.m. | 4 views

Unspecified Vulnerability in Oracle E-Business Suite Application Object Library (CNVD-2020-43701)

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle (United States). The software provides customer relationship management, service management, financial management and other functions. Application Object Library (AOL),...

CVSS: 5.3 | AI score: 9 | EPSS: 0.01205
Exploits: 0 | References: 1

Cvelist
added 2020/07/09 2:46 p.m. | 24 views

CVE-2020-12408

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox 77...

AI score: 6.5 | EPSS: 0.0083
Exploits: 0 | References: 2

AlpineLinux
added 2020/07/09 2:46 p.m. | 33 views

CVE-2020-12408

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox 77...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0083
Exploits: 0

Snyk
added 2020/06/11 3:21 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith,...

CVSS: 8.7 | AI score: 5.4
Exploits: 0 | References: 2

Information Security Automation
added 2020/06/03 11:11 p.m. | 38 views

Add new features to Notepad++ using Python scripts: keyboard shortcut to insert current time

I have to say, I spend a lot of time daily in Notepad++ text editor for Windows. I keep my “logbook” there. I record what I am doing now and what needs to be done. This allows me not to keep everything in my head and switch the context more efficiently. I can recommend this to everyone. And it is...

AI score: 7.1
Exploits: 0

UbuntuCve
added 2020/06/02 12:0 a.m. | 16 views

CVE-2020-12408

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox 77...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.0083
Exploits: 0 | References: 3