Lucene search
+L

280 matches found

Cvelist
Cvelist
added 2020/12/18 8:44 a.m.41 views

CVE-2020-35554

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...

7.7AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2020/07/24 8:10 p.m.33 views

GHSA-F7F4-HQP2-7PRC Improper Input Validation in sails-hook-sockets

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...

7.5CVSS7.3AI score0.01769EPSS
Exploits0References6
OSV
OSV
added 2020/03/30 8:15 p.m.3 views

DEBIAN-CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

5.4CVSS6AI score0.01197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/30 12:0 a.m.5 views

PT-2020-18364 · Symfony · Symfony +1

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.5 and 5.0.5 symfony/http-foundation versions prior to 4.4.5 and 5.0.5 Description: The issue arises from the ErrorHandler rendering unescaped properties of the Exception class when displaying the stacktrace, whic...

5.5CVSS5.2AI score0.01197EPSS
Exploits0References13
Veracode
Veracode
added 2020/01/28 1:39 p.m.23 views

Cross-site Scripting (XSS)

ratpack-core is susceptible to cross-site scripting XSS. It does not sanitize the user input rendered as an exception message in the development error handler, allowing an attacker to inject malicious script via the message.The library is vulnerable only through the development mode's error handl...

6.1CVSS2.2AI score0.00857EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/01/28 1:15 a.m.22 views

Cross site scripting

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

4.3CVSS6AI score0.00857EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/01/27 7:28 p.m.12 views

GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...

6.1CVSS6.2AI score0.00857EPSS
Exploits1References4
Snyk
Snyk
added 2019/11/19 12:2 p.m.2 views

Cross-site Scripting (XSS)

Overview io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the...

6.3CVSS5.3AI score0.00857EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2019/08/27 5:40 p.m.30 views

Cross-site Scripting in Jooby

Jooby before 1.6.4 has XSS via the default error handler...

6.1CVSS1.7AI score0.00984EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/08/27 5:40 p.m.44 views

GHSA-F5F4-M7QP-W6GC Cross-site Scripting in Jooby

Jooby before 1.6.4 has XSS via the default error handler...

6.1CVSS5.9AI score0.00984EPSS
Exploits1References4
Veracode
Veracode
added 2019/08/26 8:52 a.m.25 views

Cross-site Scripting (XSS)

Jooby is vulnerable to cross-site scripting XSS. The attack can be triggered when an attacker inject a malicious script through the default error handler...

6.1CVSS1.7AI score0.00984EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/08/23 1:15 p.m.27 views

CVE-2019-15477

Jooby before 1.6.4 has XSS via the default error handler...

6.1CVSS6AI score0.00984EPSS
Exploits1References1
OSV
OSV
added 2019/08/23 1:15 p.m.16 views

CVE-2019-15477

Jooby before 1.6.4 has XSS via the default error handler...

6.1CVSS6.1AI score
Exploits0References1
Prion
Prion
added 2019/08/23 1:15 p.m.20 views

Default credentials

Jooby before 1.6.4 has XSS via the default error handler...

4.3CVSS5.9AI score0.00984EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/08/06 1:15 p.m.28 views

CVE-2016-10789

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...

8.8CVSS8.9AI score0.0149EPSS
Exploits0References1
OSV
OSV
added 2019/08/06 1:15 p.m.5 views

CVE-2016-10789

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...

8.8CVSS6.1AI score0.0149EPSS
Exploits0References1
Snyk
Snyk
added 2019/07/03 7:15 p.m.2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can...

8.8CVSS7.9AI score0.04043EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/07/03 7:15 p.m.28 views

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

8.8CVSS7.5AI score0.04043EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/07/03 6:43 p.m.28 views

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

8.8CVSS8.8AI score0.04043EPSS
Exploits1References5
OSV
OSV
added 2019/04/21 2:29 a.m.6 views

UBUNTU-CVE-2019-11390

DISPUTED An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition...

5.3CVSS6.1AI score0.01671EPSS
Exploits1References3
Rows per page
Query Builder