522 matches found

Tenable Nessus
added 2021/02/01 12:0 a.m. · 241 views

CentOS 8 : libreoffice (CESA-2020:1598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1598 advisory. - libreoffice: Remote resources protection module not applied to bullet graphics CVE-2019-9849 - libreoffice: Insufficient URL validation allowing...

9.8 CVSS · 7.7 AI score · 0.78007 EPSS
Exploits 5 · References 7

Packet Storm
added 2021/01/24 12:0 a.m. · 216 views

Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect

Revive Adserver Security Advisory REVIVE-SA-2021-001 https://www.revive-adserver.com/security/revive-sa-2021-001...

5.7 AI score · 0.66141 EPSS
Exploits 5

CNVD
added 2020/12/15 12:0 a.m. · 5 views

SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability (CNVD-2021-03703)

SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A security vulnerability exists in SAP NetWeaver AS ABAP that stems from a failure to adequately encode URLs, allowing an attacker to enter malicious java script in...

6.1 CVSS · 5.9 AI score · 0.00813 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2020/12/11 12:0 a.m. · 74 views

SAP NetWeaver AS Java and AS ABAP Multiple Vulnerabilities (Dec 2020)

The version of SAP NetWeaver AS Java or ABAP detected on the remote host is affected by multiple vulnerabilities, as follows: - SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing...

10 CVSS · 6.3 AI score · 0.04708 EPSS
Exploits 1 · References 5

NVD
added 2020/12/09 5:15 p.m. · 13 views

CVE-2020-26835

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting XSS vulnerability...

6.1 CVSS · 5.3 AI score · 0.00813 EPSS
Exploits 0 · References 2

Prion
added 2020/12/09 5:15 p.m. · 21 views

Cross site scripting

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting XSS vulnerability...

4.3 CVSS · 5.9 AI score · 0.00813 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/12/09 4:30 p.m. · 55 views

CVE-2020-26835

SAP NetWeaver AS ABAP (versions 740–754) is affected by a reflected XSS due to insufficient URL encoding, allowing an attacker to inject JavaScript via the URL and execute it in the browser. This is described in CNVD-2021-03703 and PT-2020-16518, which note the root cause as improper URL encoding...

6.1 CVSS · 5.9 AI score · 0.00813 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/12/09 4:30 p.m. · 17 views

CVE-2020-26835

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting XSS vulnerability...

5.3 CVSS · 6 AI score · 0.00813 EPSS
Exploits 0 · References 2

CNNVD
added 2020/12/08 12:0 a.m. · 5 views

SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A security vulnerability exists in SAP NetWeaver AS ABAP that stems from a failure to adequately encode URLs, allowing an attacker to enter malicious java script in...

6.1 CVSS · 6.2 AI score · 0.00813 EPSS
Exploits 0 · References 4

Prion
added 2020/11/24 1:15 a.m. · 14 views

Path traversal

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...

7.5 CVSS · 9.4 AI score · 0.01715 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2020/11/24 12:0 a.m. · 5 views

PT-2020-17077 · Gitea +1 · Gitea +1

Name of the Vulnerable Software and Affected Versions: Gitea versions 0.9.99 through 1.12.x before 1.12.6 Description: The issue arises from the failure to prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in...

9.8 CVSS · 6.8 AI score · 0.93691 EPSS
Exploits 14 · References 24

Veracode
added 2020/11/19 5:5 a.m. · 12 views

Information Disclosure

semantic-release is vulnerable to information disclosure. Secrets that would normally be masked can be disclosed when they contain characters that become encoded when included in a URL...

8.1 CVSS · 2 AI score · 0.01389 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2020/11/18 10:15 p.m. · 9 views

CVE-2020-26226

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...

8.1 CVSS · 7.8 AI score
Exploits 0 · References 2

Github Security Blog
added 2020/11/18 9:19 p.m. · 39 views

Secret disclosure when containing characters that become URI encoded

Impact Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Patches Fixed in v17.2.3 Workarounds Secrets that do not contain characters that become encoded when included in a URL are already...

8.1 CVSS · 2.9 AI score · 0.01389 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2020/10/16 12:0 a.m. · 4 views

PT-2020-20862 · Apple · Itunes For Windows +7

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6 iPadOS versions prior to 13.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 Safari versions prior to 13.1.2 iTunes for Windows versions prior to 12.10.8 iCloud for Windows versions prior to 11.3 and...

5.3 CVSS · 5.5 AI score · 0.01361 EPSS
Exploits 0 · References 8

RedHat Linux
added 2020/09/23 4:27 p.m. · 1 views

RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack

A cross-site scripting XSS flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...

6.1 CVSS · 5.6 AI score · 0.01394 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2020/09/21 12:0 a.m. · 28 views

openSUSE Security Update : libmediainfo / mediainfo (openSUSE-2020-1390)

This update for libmediainfo, mediainfo fixes the following issues : libmediainfo was updated to version 20.08 : Added : - MPEG-H 3D Audio full featured support group presets, switch groups, groups, signal groups - MP4/MOV: support of more metadata locations - JSON and XML outputs: authorize...

7.8 CVSS · 6.8 AI score · 0.01083 EPSS
Exploits 1 · References 3

NVD
added 2020/09/19 8:15 p.m. · 29 views

CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...

6.1 CVSS · 0.00988 EPSS
Exploits 1 · References 2

GithubExploit
added 2020/09/09 10:20 a.m. · 302 views

Exploit for CVE-2020-13933

CVE-2020-13933 – Test Bed shiro: Permission configuration...

7.5 CVSS · 7.1 AI score · 0.48019 EPSS
Exploits 3

RedHat Linux
added 2020/07/23 7:3 a.m. · 0 views

RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack

A cross-site scripting XSS flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...

6.1 CVSS · 5.6 AI score · 0.01394 EPSS
Exploits 1 · References 6