10 matches found
ROS-20250109-07
A vulnerability in the Downloads component of Microsoft Edge and Google Chrome browsers is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected information...
CVE-2024-45801
A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross-site scripting (XSS) attacks. Mitigation: Mitigation for this issue is either not available or the...
ROS-20240329-06
The vulnerability in the WebAudio component of Google Chrome and Microsoft Edge browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page. A vulnerability in the...
Fedora 30 : ckeditor (2020-261449d821)
CKEditor 4.14 Security Updates: - CVE-2020-9281 Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum. Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially...
GLSA-202003-53 : Chromium, Google Chrome: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-53 (Chromium, Google Chrome: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers for details. Impact: A remote attacker could...
CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...
Abyss Web Server < 2.11.6 - Heap Memory Corruption
Credits: John Page aka HyP3rlinX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt. ISR: ApparitionSec. Vendor: aprelium.com. Product: Abyss Web Server v2.11.6. Vulnerability Type:...
Fedora 16 : bugzilla-4.0.6-1.fc16 (2012-6368)
The following security issues have been discovered in Bugzilla : - When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. - An attacker can get access to some bug information using the victim's...
Viscom Software Image Viewer ActiveX Buffer Overflow
A buffer overflow vulnerability has been reported in Viscom Software Image Viewer. The vulnerability is due to a boundary error when handling a certain function call with an overly long parameter. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially...
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
National Cyber Alert System. Technical Cyber Security Alert TA06-270A: Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability. Original release date: September 27, 2006. Last revised: --. Source: US-CERT. Systems Affected: Microsoft Windows...