inject vulnerabilities and exploits

(subscribe to this query)

8.1

CVSSv3

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox....

Icedtea-web Project Icedtea-web Icedtea-web Project Icedtea-web 1.8.2 Debian Debian Linux 8.0 Opensuse Leap 15.02 Github repositories available

7.8

CVSSv3

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code....

Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Debian Debian Linux 8.0 Artifex Ghostscript Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Server Aus 7.6 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server Eus 7.6 Redhat Enterprise Linux Server Tus 7.62 Github repositories available

9.8

CVSSv3

The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](security.snyk.io/vuln/SNYK-JS-CONVICT-1062508)...

Mozilla Convict

NA

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API....

Redhat Spacewalk -Redhat Network Satellite Suse Manager 1.7

4.3

CVSSv3

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal....

Intel Lldptool

NA

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field....

Redhat Satellite 5.6 Redhat Spacewalk -Suse Manager 1.7

5.4

CVSSv3

Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description....

Theforeman Foreman

6.1

CVSSv3

XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page....

Google Chrome Redhat Linux Desktop 6.0 Redhat Linux Server 6.0 Redhat Linux Workstation 6.0 Debian Debian Linux 9.0

9.8

CVSSv3

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310....

Redhat Richfaces6 Github repositories available

6.1

CVSSv3

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the...

Hedgedoc Hedgedoc

Get Started

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook