Author: Cyberthreat Blog

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a “canonical” URL on installation of concrete5 using the “Advanced Options” settings....

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability...

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).