110 matches found
CVE-2022-0300
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...
Updated chromium-browser-stable packages fix security vulnerability
CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...
KLA12435 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...
Use After Free
Chrome is vulnerable to use after free. The vulnerability exists due to a lack of sanitization in Text Input Method...
Chromium: CVE-2022-0300 Use after free in Text Input Method Editor
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Stable Channel Update for Desktop
The Stable channel has been updated to 97.0.4692.99 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 96.0.4664.110 for Windows and Mac which will roll out over the coming days/weeks A full list of changes in this build is...
KLA12429 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in Service Worker API can be exploited to cause denial of servic...
The vulnerability in the browser text input implementation of Google Chrome allows attackers to disclose protected information.
The vulnerability in the browser text input implementation of Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
December 14, 2021—KB5008223 (OS Build 20348.405)
December 14, 2021—KB5008223 OS Build 20348.405 11/9/2021 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release known as a “B”...
CVE-2021-24369
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...
GHSA-4943-9VGG-GR5R Cross-site Scripting in quill
A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that...
Design/Logic Flaw
The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to...
Openslide Cross-Site Scripting Vulnerability
Openslide is Openslide organization of a C-based code library used to read slide files . The software supports reading files in svs,tif,vms,vmu,ndpi,scn,mrxs,tiff,svslide,tif,bif,tif formats. A cross-site scripting vulnerability exists in OpenSlides, which stems from insufficient user input...
Huawei Mate 20 Denial of Service Vulnerability
Huawei Mate 20 is a smartphone launched by Huawei. A denial of service vulnerability exists in versions prior to Huawei Mate 20 10.1.0.163 C00E160R3P8. An attacker can exploit the vulnerability by entering a large amount of text to cause a denial of service...
CVE-2020-9083
HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163C00E160R3P8 have a denial of service DoS vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service...
CVE-2020-11813
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous...
PT-2019-7263 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: ultimate-member plugin versions prior to 1.3.18 Description: The issue is related to a Cross-Site Scripting XSS vulnerability, which occurs when an application includes user input in its output without proper validation or sanitization,...
NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110)
The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox E...
CVE-2018-19933
Bolt CMS before 3.6.2 is vulnerable to cross-site scripting via the text input click preview button, demonstrated by the Title field of a configured or new entry. Related advisories (GHSA-2G23-QMMP-FVMR, OSV entries) link this XSS to Bolt 3.6.4 and earlier references, including a public exploit/d...
CVE-2018-19933
Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry...