72 matches found
PT-2023-13027 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue. It appears to be a notification about a candidate number that is unused by it...
PT-2022-8212 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about a specific vulnerability. It appears to be a notification about a rejected CVE candidate...
CVE-2021-41495
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...
CVE-2021-43543
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
CVE-2021-43538
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 9...
Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2019-4293)
Summary This vulnerability may allow attacker to reveal the third party software Apache Tomcat Web server version. Vulnerability Details CVEID: CVE-2019-4293 DESCRIPTION: IBM System Storage Storwize V7000 Unified V7000U configuration may allow an attacker to reveal the server version in default...
CVE-2019-9795
A vulnerability where type-confusion in the IonMonkey just-in-time JIT compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...
Terminal Services Manager 3.1 Local Buffer Overflow
Exploit Title: Terminal Services Manager 3.1 - Buffer Overflow SEH Date: 2018-12-25 Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: Terminal Services Manager 3.1 Vendor Homepage: https://lizardsystems.com Version: 3.1 Software Link: https://lizardsystems.com/download/tsmanagersetup.exe...
JVN#37943805: Confluence Server vulnerable to script injection
User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability CWE-74. Impact When the administrator embeds a malicious script into User Macros, the embedded script may be executed on the user's web browser. Solution Update the Software Update to the...
CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...
CVE-2018-5103
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
CVE-2017-7801
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox...
JVN#73083905: Multiple vulnerabilities in WBCE CMS
WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
CVE-2016-9865
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMAsafeUnserialize function. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
JVN#91474878: File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted
File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED" encrypts...
Ooorl <= 1.0.0 - XSS
Plugin is still affected and has been closed...
NetGear ReadyNAS code execution
Web interface commands injection...
JVN#26394323: POST-MAIL vulnerable to cross-site scripting
POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...
JVN#02134508: WebsiteBaker vulnerable to cross-site scripting
WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to Lepton CMS according to the information provided by the developer. Products...
Microsoft Visio CVE-2011-1979 Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...