Lucene search
+L

92 matches found

gitlab
gitlab
added 2023/12/14 12:0 a.m.76 views

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...

7.5CVSS6.7AI score0.01121EPSS
Exploits0References5Affected Software1
veracode
veracode
added 2023/12/01 7:53 a.m.21 views

Regular Expression Denial Of Service (ReDoS)

@adobe/css-tools is vulnerable to Denial Of Service. The vulnerability is due to exponential regex backtracking when parsing CSS in the parse method of src/parse/index.ts, which can result in Denial of Service...

7.5CVSS6.7AI score0.01121EPSS
Exploits0References1Affected Software1
susecve
susecve
added 2023/11/21 2:19 a.m.4 views

SUSE CVE-2023-26364

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

5.3CVSS9AI score0.00985EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/11/17 12:0 a.m.8 views

Adobe css-tools security vulnerability

Adobe css-tools is a CSS parser/string generator for Node.js from Adobe USA. A security vulnerability exists in Adobe css-tools version 4.3.0 and prior versions, which stems from incorrect input validation, resulting in a minor denial of service when attempting to parse CSS...

5.3CVSS6.6AI score0.00985EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/09/29 12:0 a.m.5 views

PT-2023-7567

Name of the Vulnerable Software and Affected Versions PostCSS versions prior to 8.4.31 Description The issue affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by...

9.3CVSS6.9AI score0.01429EPSS
Exploits2References51
cvelist
cvelist
added 2023/09/29 12:0 a.m.40 views

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

5.3AI score0.00822EPSS
Exploits0References4
veracode
veracode
added 2023/09/01 4:50 p.m.26 views

Regular Expression Denial Of Service (ReDoS)

@adobe/css-tools is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in index.ts due to improper input validations which allows an attacker to cause an application slowdown when parsing CSS...

5.3CVSS6.7AI score0.00985EPSS
Exploits0References3Affected Software1
gentoo
gentoo
added 2022/08/21 12:0 a.m.45 views

Gnome Shell, gettext, libcroco: Multiple Vulnerabilities

Background GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications. gettext contains the GNU locale utilities. libcroco is a standalone CSS2 parsing and manipulation library. Description The crparserparseanycore function in...

7.1CVSS3.7AI score0.02319EPSS
Exploits1
ubuntu
ubuntu
added 2022/04/26 2:5 p.m.78 views

USN-5389-1: Libcroco vulnerabilities

It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...

7.1CVSS7AI score0.12996EPSS
Exploits7
huntr
huntr
added 2021/09/14 1:52 a.m.173 views

Inefficient Regular Expression Complexity in fb55/nth-check

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in nth-check. It allows cause a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...

5CVSS2.5AI score0.02165EPSS
Exploits1
osv
osv
added 2017/06/12 6:29 a.m.5 views

AZL-44802 CVE-2017-8871 affecting package libcroco 0.6.13-6

The crparserparseselectorcore function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted CSS file...

6.5CVSS6.7AI score0.12996EPSS
Exploits4References1
exploitpack
exploitpack
added 2017/06/09 12:0 a.m.29 views

libcroco 0.6.12 - Denial of Service

libcroco 0.6.12 - Denial of Service libcroco multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= Libcroco is a standalone css2 parsing and manipulation library. The parser provides a low level event driven SAC like api and a css object model like...

7.1CVSS6.7AI score0.12996EPSS
Exploits5
cnvd
cnvd
added 2017/04/21 12:0 a.m.4 views

libcroco 'cr_input_new_from_uri' function denial of service vulnerability

libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crinputnewfromuri' function in the cr-input.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds read with the help of a...

5.5CVSS5.7AI score0.02001EPSS
Exploits1References1
openvas
openvas
added 2014/10/20 12:0 a.m.30 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Oct 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

7.5CVSS9.6AI score0.04991EPSS
Exploits0References12
mozilla
mozilla
added 2014/10/14 12:0 a.m.48 views

Buffer overflow during CSS manipulation — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable...

7.5CVSS9.3AI score0.04991EPSS
Exploits0References2Affected Software4
seebug
seebug
added 2014/07/01 12:0 a.m.12 views

MS Internet Explorer "mshtml.dll" CSS Parsing Buffer Overflow

No description provided by source. / Taken from http://www.securiteam.com/exploits/5NP042KF5A.html The exploit will create a .CSS file that should be included in an HTML file. When a user loads the HTML file, Internet Explorer will try to parse the CSS and will trigger the buffer overflow. /...

7.1AI score
Exploits0
nessus
nessus
added 2011/06/28 12:0 a.m.22 views

Google Chrome < 12.0.742.112 Multiple Vulnerabilities

Binary data 5970.pasl...

4.3CVSS7.3AI score0.01132EPSS
Exploits0References2
openvas
openvas
added 2010/12/27 12:0 a.m.35 views

Google Chrome multiple vulnerabilities - Dec 10(Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Linux Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networks...

10CVSS0.5AI score0.02209EPSS
Exploits7References5
openvas
openvas
added 2010/12/27 12:0 a.m.35 views

Google Chrome multiple vulnerabilities - Dec 10(Windows)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...

10CVSS0.5AI score0.02209EPSS
Exploits7References5
ptsecurity
ptsecurity
added 2010/12/22 12:0 a.m.2 views

PT-2010-5544 · Google +3 · Chrome Os +4

Name of the Vulnerable Software and Affected Versions: WebKit versions prior to 8.0.552.224 Google Chrome versions prior to 8.0.552.224 Chrome OS versions prior to 8.0.552.343 webkitgtk versions prior to 1.2.6 Description: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp does...

10CVSS7.7AI score0.61319EPSS
Exploits24References53
Rows per page
Query Builder