Page 8 of 80 results (0.029 seconds)

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del Diagnostics Hub Standard Collector. Este ID de CVE es diferente de CVE-2021-1651 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del recopilador estándar de Diagnostics Hub. Este ID de CVE es diferente de CVE-2021-1680 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0

Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución de código remota en Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

Visual Studio Tampering Vulnerability Vulnerabilidad de Manipulación de Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100 •

CVSS: 6.1EPSS: 1%CPEs: 8EXPL: 1

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Cure53 DOMPurify versiones anteriores a 2.0.17, permite una mutación de XSS. Esto ocurre porque un viaje de ida y vuelta de análisis serializado no necesariamente devuelve el árbol DOM original, y un espacio de nombres puede cambiar de HTML a MathML, como es demostrado al anidar los elementos FORM • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870 https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass https://www.oracle.com//security-alerts/cpujul2021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •