
625 matches found

CVE
added 2022/12/24 12:0 a.m. | 61 views

CVE-2022-47934

CVE-2022-47934 affects Brave Browser prior to 1.43.88. A DoS can be triggered in private and guest windows by a crafted HTML file referencing ipfs:// or ipns:// URLs, stemming from an incomplete fix for CVE-2022-47932 and CVE-2022-47934. Affected component is Brave Browser’s HTML handling; root c...

CVSS 6.5 | AI score 6.2 | EPSS 0.01032
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2022/12/24 12:0 a.m. | 19 views

CVE-2022-47934

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934...

AI score 6.5 | EPSS 0.01032
Exploits: 1 | References: 5
Cvelist
added 2022/12/24 12:0 a.m. | 19 views

CVE-2022-47933

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequestIPFSRedirectWork in ipfsredirectnetworkdelegatehelper.cc...

AI score 6.3 | EPSS 0.00817
Exploits: 1 | References: 5
Huntr
added 2022/12/23 3:56 p.m. | 20 views

CSP passby via js file

Description: Hi, Maintainer. You submitted a fix in the latest version 0.9.0 with commit c07b4a. But after many tests, I found that this is still not 100% safe. You have set a very simple CSP, which can be bypassed. Video link link...

CVSS 4.9 | AI score 5.6 | EPSS 0.00498
Exploits: 1
Debian CVE
added 2022/12/22 12:0 a.m. | 27 views

CVE-2022-45415

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later run. This vulnerability affects Firefox 107...

CVSS 7.8 | AI score 8.6 | EPSS 0.00232
Exploits: 0
Mozilla
added 2022/11/15 12:0 a.m. | 121 views

Security Vulnerabilities fixed in Firefox 107 — Mozilla

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. Through a series of popup and window.print calls, an...

CVSS 9.8 | AI score 8 | EPSS 0.01061
Exploits: 0 | References: 21 | Affected Software: 1
CNNVD
added 2022/11/08 12:0 a.m. | 7 views

Html2xhtml buffer error vulnerability

Html2xhtml is a command line tool for converting HTML files to XHTML files by the individual developer Jesus Arias Fisteus. A buffer error vulnerability exists in Html2xhtml v1.3, which originates from an out-of-bounds read in the function static void elmclosetreenodet nodo in procesador.c. An...

CVSS 8.1 | AI score 7.9 | EPSS 0.01061
Exploits: 1 | References: 3
Cvelist
added 2022/08/29 10:46 p.m. | 18 views

CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file...

AI score 9.9 | EPSS 0.00833
Exploits: 0 | References: 2
CNNVD
added 2022/08/29 12:0 a.m. | 4 views

Seiko Solutions SkyBridge MB-A100/A110 code issue vulnerability

The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which originates from an arbitrary file upload vulnerability in the Recovery Backup feature tha...

CVSS 9.8 | AI score 7.7 | EPSS 0.00833
Exploits: 0 | References: 3
NVD
added 2022/08/15 8:15 p.m. | 15 views

CVE-2020-21365

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations...

CVSS 7.5 | EPSS 0.01817
Exploits: 1 | References: 2
OSV
added 2022/08/15 8:15 p.m. | 27 views

CVE-2020-21365

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations...

CVSS 7.5 | AI score 6.1
Exploits: 0 | References: 2
NVD
added 2022/08/15 11:21 a.m. | 15 views

CVE-2022-38223

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVSS 7.8 | EPSS 0.00441
Exploits: 1 | References: 9
UbuntuCve
added 2022/08/15 11:21 a.m. | 31 views

CVE-2022-38223

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVSS 7.8 | AI score 7.1 | EPSS 0.00441
Exploits: 1 | References: 3
Cvelist
added 2022/08/15 12:0 a.m. | 28 views

CVE-2020-21365

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations...

AI score 7 | EPSS 0.01817
Exploits: 1 | References: 2
AlpineLinux
added 2022/08/15 12:0 a.m. | 34 views

CVE-2022-38223

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVSS 7.8 | AI score 8 | EPSS 0.00441
Exploits: 1
Debian CVE
added 2022/08/15 12:0 a.m. | 32 views

CVE-2020-21365

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations...

CVSS 7.5 | AI score 6.7 | EPSS 0.01817
Exploits: 1
Github Security Blog
added 2022/07/14 12:0 a.m. | 30 views

RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...

CVSS 5.4 | AI score 6.3 | EPSS 0.00709
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2022/07/14 12:0 a.m. | 39 views

GHSA-6W2F-6WQ3-RJVF RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...

CVSS 5.4 | AI score 5.8 | EPSS 0.00709
Exploits: 1 | References: 6
ATTACKERKB
added 2022/07/13 3:15 p.m. | 2 views

CVE-2022-32065

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...

CVSS 5.4 | AI score 6.2 | EPSS 0.00709
Exploits: 1 | References: 5
OSV
added 2022/07/13 3:15 p.m. | 12 views

CVE-2022-32065

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 4