524 matches found

Tenable Nessus
added 2020/09/04 12:0 a.m. | 41 views

Cisco Jabber for Windows Protocol Handler Command Injection (cisco-sa-jabber-vY8M4KGB)

According to its self-reported version, Cisco Jabber for Windows is affected by a Windows Protocol Handler Command Injection vulnerability. The vulnerability exists in the web-based user interface due to improper handling of input to the application protocol handlers. An unauthenticated, remote...

CVSS 9.3 | AI score 8.6 | EPSS 0.05306
Exploits 0 | References 3

ATTACKERKB
added 2020/09/04 12:0 a.m. | 40 views

CVE-2020-3495

Cisco Jabber is vulnerable to Cross-Site Scripting (XSS) through XHTML-IM messages. The application does not properly sanitize incoming HTML messages and instead passes them through a flawed XSS filter. Recent assessments: wvu-r7 at September 03, 2020 7:38pm UTC reported: This XSS combined with...

CVSS 9.9 | AI score 2.1 | EPSS 0.05306
Exploits 0 | References 2

CISA
added 2020/09/03 12:0 a.m. | 9 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...

AI score 7.8
Exploits 0 | References 6

RedHat Linux
added 2020/08/10 6:40 a.m. | 3 views

chromium-browser: Inappropriate implementation in external protocol handlers

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS 9.6 | AI score 7.4 | EPSS 0.02277
Exploits 0 | References 5

RedhatCVE
added 2020/07/15 5:8 p.m. | 30 views

CVE-2020-6522

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS 6.8 | AI score 4.2 | EPSS 0.02277
Exploits 0 | References 4

Prion
added 2020/04/15 9:15 p.m. | 13 views

Input validation

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficien...

CVSS 5 | AI score 7.5 | EPSS 0.01407
Exploits 0 | References 1 | Affected Software 2

Veracode
added 2020/04/10 12:56 a.m. | 37 views

Directory Traversal

Thunderbird is vulnerable to directory traversal. A directory traversal flaw was found in the Thunderbird resource:// protocol handler. Malicious content could cause Thunderbird to access arbitrary files accessible to the user running Thunderbird...

CVSS 5 | AI score 3.3 | EPSS 0.01674
Exploits 1 | References 11 | Affected Software 3

OpenVAS
added 2020/03/19 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1271)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.2 | EPSS 0.15484
Exploits 1 | References 2

OSV
added 2019/12/31 5:15 p.m. | 1 views

CVE-2019-9197

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code...

CVSS 8.8 | AI score 7.6 | EPSS 0.02743
Exploits 0 | References 2

NVD
added 2019/12/31 5:15 p.m. | 12 views

CVE-2019-9197

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code...

CVSS 8.8 | AI score 9 | EPSS 0.02743
Exploits 0 | References 2

CVE
added 2019/12/31 4:30 p.m. | 53 views

CVE-2019-9197

Unity Editor 2018.3 is affected by CVE-2019-9197 via the com.unity3d.kharma protocol handler. A crafted com.unity3d.kharma URI can trigger remote code execution, with the attacker able to run code in the context of the current user. Exploitation requires user interaction (the target must visit a ...

CVSS 8.8 | AI score 8.9 | EPSS 0.02743
Exploits 0 | References 2 | Affected Software 1

Mageia
added 2019/11/30 1:6 p.m. | 55 views

Updated curl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1 (CVE-2019-5435). A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4...

CVSS 9.8 | AI score 3 | EPSS 0.15484
Exploits 2 | References 8

Tenable Nessus
added 2019/11/08 12:0 a.m. | 29 views

EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2252)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) Note that Tenable Network Security has extracted the precedi...

CVSS 9.8 | AI score 6.6 | EPSS 0.09715
Exploits 0 | References 2

Tenable Nessus
added 2019/10/25 12:0 a.m. | 55 views

Amazon Linux 2 : curl (ALAS-2019-1340)

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481) Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Lin...

CVSS 9.8 | AI score 6.5 | EPSS 0.09715
Exploits 0 | References 3

Prion
added 2019/09/16 7:15 p.m. | 23 views

Heap overflow

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...

CVSS 7.5 | AI score 9.5 | EPSS 0.09715
Exploits 0 | References 14 | Affected Software 12

NVD
added 2019/09/14 3:15 p.m. | 7 views

CVE-2019-16305

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...

CVSS 8.8 | AI score 9 | EPSS 0.00501
Exploits 1 | References 1

OSV
added 2019/09/14 3:15 p.m. | 1 views

CVE-2019-16305

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...

CVSS 8.8 | AI score 7.4
Exploits 0 | References 1

Prion
added 2019/09/14 3:15 p.m. | 10 views

Command injection

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...

CVSS 6.8 | AI score 8.8 | EPSS 0.00501
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/09/14 2:4 p.m. | 12 views

CVE-2019-16305

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...

AI score 9 | EPSS 0.00501
Exploits 1 | References 1

CVE
added 2019/09/14 2:4 p.m. | 44 views

CVE-2019-16305

CVE-2019-16305 affects Mobatek MobaXterm 11.1 and 12.1. The protocol handler is vulnerable to command injection: a crafted MobaXterm protocol link prompts the user to run MobaXterm to handle the link, then prompts for further confirmation, enabling command execution (demonstrated via MobaXterm://...

CVSS 8.8 | AI score 8.9 | EPSS 0.00501
Exploits 1 | References 1 | Affected Software 1