Page 25 of 149 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 3

CVE-2019-8331 – bootstrap: XSS in the tooltip or popover data-template attribute

https://notcve.org/view.php?id=CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. En Bootstrap, en versiones anteriores a la 3.4.1 y versiones 4.3.x anteriores a la 4.3.1, es posible Cross-Site Scripting (XSS) en los atributos de data-template tooltip o popover. A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired. • https://github.com/Thampakon/CVE-2019-8331 https://github.com/ossf-cve-benchmark/CVE-2019-8331 https://github.com/Snorlyd/https-nj.gov---CVE-2019-8331 http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/13 http://www.securityfocus.com/bid/107375 https://access.redhat.com/errata/RHSA-2019:1456 https://access.re • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-3923

https://notcve.org/view.php?id=CVE-2019-3923

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. Nessus, en versiones 8.2.1 y anteriores, contenía una vulnerabilidad Cross-Site Scripting (XSS) persistente debido a la validación incorrecta de entradas proporcionadas por el usuario. Un atacante remoto autenticado podría explotar esta vulnerabilidad mediante una petición especialmente manipulada para ejecutar código script arbitrario en la sesión de navegación de un usuario. • https://www.tenable.com/security/tns-2019-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 2

CVE-2018-5407 – Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel

https://notcve.org/view.php?id=CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos". A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. • https://www.exploit-db.com/exploits/45785 http://www.securityfocus.com/bid/105897 https://access.redhat.com/errata/RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1155

https://notcve.org/view.php?id=CVE-2018-1155

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue. En SecurityCenter, en versiones anteriores a la 5.7.0, un problema de Cross-Site Scripting (XSS) podría permitir que un atacante autenticado inyecte código JavaScript en un parámetro image filename en el área de la funcionalidad Reports. Se han implementado técnicas de validación de entradas correctamente actualizadas para corregir este problema. • http://www.securitytracker.com/id/1041431 https://www.tenable.com/security/tns-2018-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1154

https://notcve.org/view.php?id=CVE-2018-1154

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue. En SecurityCenter, en versiones anteriores a la 5.7.0, un problema de enumeración de nombres de usuario puede permitir que un atacante no autenticado automatice el descubrimiento de alias de nombres de usuario mediante fuerza bruta, facilitando en última instancia el acceso no autorizado. Se ha unificado la salida de la respuesta del servidor para corregir este problema. • http://www.securitytracker.com/id/1041431 https://www.tenable.com/security/tns-2018-11 •