8428 matches found
The vulnerability of Google Chrome’s API, related to shortcomings in domain restriction mechanisms (Same Origin Policy), allows attackers to access sensitive data.
The vulnerability of Google Chrome’s API is related to improper implementation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
UBUNTU-CVE-2021-38381
Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash...
CVE-2021-29971
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 90...
UBUNTU-CVE-2021-29971
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 90...
Sannce Smart HD Wifi Security Camera Security Vulnerability
The Sannce Smart HD Wifi Security Camera is an industrial control device (a camera) from Sannce. A security vulnerability exists in the Sannce Smart HD Wifi Security Camera EAN 2 950004 595317, which stems from the fact that by default, the device has an available TELNET interface not...
The vulnerability of the DNS server Dnsmasq, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the integrity of the protected information.
The vulnerability of the Dnsmasq DNS server lies in the lack of checking for requests with the same name. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
PT-2021-20922 · Openvpn · Openvpn 3 Core Library
Name of the Vulnerable Software and Affected Versions: OpenVPN 3 Core Library versions 3.6 through 3.6.1. Description: The issue allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the...
Vulnerabilities fixed in Esri ArcGIS Server
Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform a Same-Site Request Forgery (SSRF) or Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...
JSONP Injection
JSONP (JSON with Padding) is a JavaScript technique that allows you to query data from a server without worrying about cross-domain issues, by using the script tag rather than the XMLHttpRequest object and thus avoiding the browser's same-origin policy restrictions. Due to the nature of...
SUSE SLES11 Security Update : MozillaFirefox, firefox-glib2, firefox-gtk3 (SUSE-SU-2019:14173-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14173-1 advisory. - Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these...
SUSE: Security Advisory (SUSE-SU-2016:3080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:0593-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:14124-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:0593-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2012:0221-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:4235-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2020-10729
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the same value, because the template caching action for the same file means no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...
Reddit: XSS
Hi security team, I have found an XSS in old.reddit.com and in reddit.com. Description: Cross-site scripting, also known as XSS, is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the...
codeql action Information Disclosure Vulnerability
codeql action is a software application. It is used to run CodeQL, GitHub's industry-leading static analysis engine, on the repository's source code to find security vulnerabilities. codeql action has a security vulnerability that stems from an access token being visible to other processes on the...