7696 matches found

Huntr
added 2022/01/21 9:30 a.m. | 34 views

Cross-site Scripting (XSS) - Reflected in pimcore/data-hub

Description: pimcore Datahub is vulnerable to Reflected XSS in the Path of Documents, Assets and Objects in the Security Definition tab. Steps to reproduce: 1. Go to https://demo.pimcore.fun/admin/ and login. 2. In the left menu bar, click the Datahub icon and click on any existing configuration then ...

0.4 AI score
Exploits: 0

ATTACKERKB
added 2022/01/20 10:15 p.m. | 2 views

CVE-2021-46347

There is an Assertion 'ecmaobjectcheckclassnameisobject objp' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0...

5.5 CVSS | 5.9 AI score | 0.00138 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2022/01/20 10:15 p.m. | 21 views

CVE-2021-46347

There is an Assertion 'ecmaobjectcheckclassnameisobject objp' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0...

5.5 CVSS | 6.1 AI score | 0.00138 EPSS
Exploits: 1 | References: 2

Cvelist
added 2022/01/20 9:14 p.m. | 18 views

CVE-2021-46347

There is an Assertion 'ecmaobjectcheckclassnameisobject objp' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0...

5.8 AI score | 0.00138 EPSS
Exploits: 1 | References: 1

CNNVD
added 2022/01/20 12:0 a.m. | 2 views

JerryScript Buffer Error Vulnerability

JerryScript is a lightweight JavaScript engine from the JerryScript project. A security vulnerability exists in JerryScript version 3.0.0, which stems from a stack overflow in /ecma/operations/ecma-objects.c. No detailed vulnerability details are currently available...

7.8 CVSS | 5.5 AI score | 0.00195 EPSS
Exploits: 1 | References: 2

CNNVD
added 2022/01/20 12:0 a.m. | 3 views

JerryScript Security Vulnerability

JerryScript, a lightweight JavaScript engine from the JerryScript project, has a denial-of-service vulnerability in version 3.0.0, which stems from a failed assertion in /jerry-core/ecma/operations/ecma-objects.c. An attacker could use this vulnerability to launch a denial of service...

5.5 CVSS | 5.6 AI score | 0.00138 EPSS
Exploits: 1 | References: 2

Huntr
added 2022/01/19 7:49 p.m. | 17 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description: Pimcore settings module is vulnerable to stored cross site scripting. Proof of Concept: 1. Login to dev demo account. https://10.x-dev.pimcore.fun/ 2. Goto settings --data objects --Add a new class -- add payload in icon field 3. Click save and close and open that class alert will...

3.5 CVSS | 0.1 AI score | 0.00027 EPSS
Exploits: 1

BDU FSTEC
added 2022/01/17 12:0 a.m. | 1 views

The vulnerability of the read_objects() function in the .fig Fig2dev file conversion utility involves a buffer overflow issue in memory operations. This vulnerability allows an attacker to compromise data integrity and cause service failures.

The vulnerability of the read_objects function in the .fig Fig2dev file conversion utility is related to the execution of operations outside of the buffer. Exploiting this vulnerability could allow a remote attacker to compromise data integrity and cause service failures...

7.1 CVSS | 6.6 AI score | 0.00438 EPSS
Exploits: 1 | References: 7 | Affected Software: 4

RedhatCVE
added 2022/01/13 6:46 a.m. | 58 views

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8 CVSS | 2 AI score | 0.84291 EPSS
Exploits: 7 | References: 3

RedHat Linux
added 2022/01/12 12:27 p.m. | 2 views

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

8.8 CVSS | 7.3 AI score | 0.0051 EPSS
Exploits: 1 | References: 6

RedHat Linux
added 2022/01/12 12:4 p.m. | 2 views

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

8.8 CVSS | 7.3 AI score | 0.0051 EPSS
Exploits: 1 | References: 6

RedHat Linux
added 2022/01/12 11:48 a.m. | 1 views

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

8.8 CVSS | 7.3 AI score | 0.0051 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2022/01/11 12:0 a.m. | 55 views

Mozilla Thunderbird < 91.5

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...

10 CVSS | 7.8 AI score | 0.00609 EPSS
Exploits: 6 | References: 15

OSV
added 2022/01/10 4:15 p.m. | 3 views

CVE-2021-43949

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0...

4.3 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

NVD
added 2022/01/10 4:15 p.m. | 14 views

CVE-2021-43949

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0...

4.3 CVSS | 0.00168 EPSS
Exploits: 0 | References: 1

CNNVD
added 2022/01/10 12:0 a.m. | 2 views

Google protobuf Security Vulnerability

Google protobuf is a data exchange format from Google, Inc. A security vulnerability exists in Google protobuf java that allows a small malicious load to occupy the parser for several minutes by creating a large number of short-lived objects that cause frequent, repetitive pauses...

7.5 CVSS | 6.8 AI score | 0.00471 EPSS
Exploits: 1 | References: 28

CNNVD
added 2022/01/10 12:0 a.m. | 3 views

Atlassian Jira Information Disclosure Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira Center is vulnerable to an access control error that occurs when a networked system or product does not properly restrict access to resources from unauthorized roles, which can be exploited by an...

4.3 CVSS | 5.6 AI score | 0.00168 EPSS
Exploits: 0 | References: 2

CISA KEV Catalog
added 2022/01/10 12:0 a.m. | 30 views

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP...

7.8 CVSS | 3 AI score | 0.9216 EPSS
In wild | Exploits: 10

OSV
added 2022/01/07 12:1 a.m. | 0 views

GHSA-8RH6-H94M-VJ54 Incorrect Comparison in cvxopt

Incomplete string comparison vulnerability exists in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

8.7 CVSS | 5.9 AI score | 0.00274 EPSS
Exploits: 1 | References: 7

Github Security Blog
added 2022/01/07 12:1 a.m. | 30 views

Incorrect Comparison in cvxopt

Incomplete string comparison vulnerability exists in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

7.5 CVSS | 5.5 AI score | 0.00274 EPSS
Exploits: 1 | References: 6 | Affected Software: 1