50 matches found
KLA12142 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, and spoof the user interface. Below is a...
KB5001339: Windows 10 version 1803 Security Update (April 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Windows Event Tracing Elevati...
KLA12139 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, execute arbitrary code, cause denial of service, and spoof the user interface. Below is a complete list of...
CVE-2020-15002
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API...
CVE-2020-12079
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API...
PT-2020-13031 · Electron · Electron
Name of the Vulnerable Software and Affected Versions: Beaker versions prior to 0.8.9 Description: The issue allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution...
DEBIAN-CVE-2016-9901
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...
Google to Block Third-Party Software from Injecting Code into Chrome Browser
To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code...
Internet Explorer help
Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95)
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...
UBUNTU-CVE-2016-9901
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...
CVE-2016-9901
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...
Microsoft Internet Messaging API Information Disclosure Vulnerability (3196067)
This host is missing a moderate security update according to Microsoft Bulletin MS16-126...
MS16-126: Description of the security update for Microsoft Internet Messaging API: October 11, 2016
Summary: This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in...
MS16-126: Security update for Microsoft Internet Messaging API: October 11, 2016
Resolves a vulnerability in Windows that could allow information disclosure when the Microsoft Internet Messaging API improperly handles objects in memory. Summary: This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft...
Enonic XP: source code security analysis report
Several vulnerabilities were discovered in Enonic AS 'Enonic XP' software: leakage of user data between sessions; use of XSL transformation to execute arbitrary code; missing verification of the digital signature of executable files obtained from untrusted sources; HttpOnly...
VulnCheck KEV: CVE-2016-3298
An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...