102 matches found
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user-controlled inputs, allowing an attacker to inject the meta tag into the launchpad HTML using the vulnerable parameter, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal...
CVE-2020-6210
SAP Fiori Launchpad, versions 753 and 754, does not sufficiently encode user-controlled inputs, allowing an attacker to inject the meta tag into the launchpad HTML using the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) vulnerability...
SpotAuditor 'Base64' Native Buffer Overflow Vulnerability
SpotAuditor is a useful password recovery software for recovering passwords stored in your computer, which is mainly used to get the list of passwords that have been saved in the local computer, the list of access URLs, and the list of programs that have been launched. SpotAuditor 'Base64' suffer...
OPENSUSE-SU-2019:2260-1 Security update for MozillaFirefox
This update for MozillaFirefox to 68.1 fixes the following issues: Security issues fixed: - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync (bsc#1149294). - CVE-2019-11710: Fixed several memory...
OPENSUSE-SU-2019:2248-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 68.1.1 fixes the following issues: - CVE-2019-11709: Fixed several memory safety bugs (bsc#1140868). - CVE-2019-11710: Fixed several memory safety bugs (bsc#1140868). - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...
openSUSE Security Update : python3 (openSUSE-2019-1371)
This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). This update was imported from the SUSE:SLE-12:Update update project...
OPENSUSE-SU-2019:1166-1 Security update for znc
This update for znc to version 1.7.2 fixes the following issue: Security issue fixed: - CVE-2019-9917: Fixed an issue where due to invalid encoding znc was crashing (bsc#1130360)...
8x8: Stored XSS agent_status
The functionality to set a user's status within the ContactNow application did not perform sufficient encoding when displayed to other users of a given organization...
Adobe CreativeCloud Input Validation and Encoding Vulnerability
Adobe Creative Cloud is a digital hub that provides access to every Adobe Creative Suite 6 desktop application, online services, and other newly released applications. Adobe CreativeCloud suffers from an input validation and encoding vulnerability that allows remote attackers to inject their own...
Design/Logic Flaw
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request...
CVE-2016-5394
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...
CVE-2017-8906
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in th...
Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
Document Title: Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1772. Release Date: 2016-02-28. Vulnerability Laboratory ID (VL-ID): ...
UBUNTU-CVE-2015-8217
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) da...
PayPal Inc BB #59 - Persistent Mail Encoding Vulnerability
Document Title: PayPal Inc BB #59 - Persistent Mail Encoding Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=844. PayPal Security UID: CabdfGa. Release Date: 2014-09-23. Vulnerability Laboratory ID (VL-ID): ...
Design/Logic Flaw
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."...
CVE-2013-3166
CVE-2013-3166 is an XSS vulnerability in Microsoft Internet Explorer (IE6–IE10) that arises from incorrect auto‑selection of the Shift JIS encoding, enabling remote script/HTML execution via cross‑domain scrolling events. The issue is documented as the Shift JIS Character Encoding Vulnerability a...