8428 matches found
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...
UBUNTU-CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...
PT-2020-16664 · Eclipse +3 · Eclipse Jetty +3
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.0.RC0 through 9.4.34.v20201102 Eclipse Jetty versions 10.0.0.alpha0 through 10.0.0.beta2 Eclipse Jetty versions 11.0.0.alpha0 through 11.0.0.beta2 Description: The issue occurs when GZIP request body inflation is...
Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory. - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass...
CVE-2019-8075
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
CVE-2020-4886
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910...
About the security content of Safari 13.1.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
cxf: JMX integration is vulnerable to a MITM attack
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...
[SECURITY] Fedora 31 Update: kata-ksm-throttler-1.11.1-1.fc31.1
This project implements a Kernel Same-page Merging throttling daemon. The Kata Containers runtime creates a virtual machine VM to isolate a set of container workloads. The VM requires a guest kernel and a guest operating system "guest OS" to boot and create containers inside the guest environment...
Fedora: Security Advisory for kata-ksm-throttler (FEDORA-2020-15a1bde727)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
varnish: not clearing pointer between two client requests leads to information disclosure
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the...
cyrus-imapd: privilege escalation in HTTP request
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
DEBIAN-CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...
DEBIAN-CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...
CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
Spoofing
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...