HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

Impact The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxmlhtmlclean but may be interpreted differently by web...

PT-2024-39667 · Vue · Vue

Name of the Vulnerable Software and Affected Versions: Vue affected versions not specified Description: The issue is related to an improper regular expression in Vue's parseHTML function, which can lead to a potential regular expression denial of service vulnerability. This flaw, known as a ReDoS...

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

PT-2024-5303 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.72 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in HTML, allowing a remote attacker to perform UI spoofing via a crafted HTML...

RHEL 5 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: Local user code injection in the meta rule syntax CVE-2018-11781 - A denial of service...

Heap-based Buffer Overflow

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the xmlHTMLPrintFileContext function in xmllint.c. An attacker can read memory contents that may contain sensitive data by triggering a buffer...

RHEL 6 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: Malicious rule configuration files can be configured to run system commands CVE-2020-1946 -...

FreeBSD : clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition (ecafc4af-fe8a-11ee-890c-08002784c58d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ecafc4af-fe8a-11ee-890c-08002784c58d advisory. - A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause...

CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

CVE-2024-20380

Summary: CVE-2024-20380 is a DoS in ClamAV’s HTML parser triggered by a crafted HTML file scanned by the unauthenticated attacker. The root cause is tied to the C-to-Rust FFI boundary in the HTML parser, leading to a crash of the clamd/scan process and a denial of service. Affected product/versio...

CVE-2024-20380 ClamAV HTML Parser Denial of Service Vulnerability

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

CVE-2024-20380 ClamAV HTML Parser Denial of Service Vulnerability

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...

PT-2024-2947 · Clamav +1 · Clamav +1

Name of the Vulnerable Software and Affected Versions: ClamAV affected versions not specified Description: A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an...

[SECURITY] Fedora 40 Update: nekohtml-1.9.22-26.fc40

NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces. The parser can scan HTML files and "fix up" many common mistakes that human and computer authors make in writing HTML documents...

[SECURITY] Fedora 40 Update: jericho-html-3.3-30.fc40

Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognized or invalid HTML. It also provides high-level HTML form manipulation functions. It is an open source library released under...

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...