249 matches found
PT-2021-15512 · Ansi-Html · Ansi-Html
Name of the Vulnerable Software and Affected Versions: ansi-html affected versions not specified Description: The issue arises when an attacker provides a malicious string, causing the system to get stuck processing the input for an extremely long time. Recommendations: At the moment, there is no...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0959-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...
CVE-2021-30536
Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +24129 more potentially affected by CVE-2021-23424 via ansi-html (>=0.0.4 <=0.0.7)
ansi-html NPM version =0.0.4, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 -...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6233 more potentially affected by CVE-2021-26539 via sanitize-html (>=0.1.4 <=2.3.0)
sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.6.0, =3.0.19, =1.3.0, =2.6.0, =6.0.1 and more Source cves: CVE-2021-26539 Source advisory: OSV:GHSA-RJQQ-98F6-6J3R...
SUSE: Security Advisory (SUSE-SU-2018:1202-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-21142
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
DEBIAN-CVE-2021-21136
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Privilege Escalation
sanitize-html is vulnerable to privilege escalation. An attacker is able to bypass hostname whitelist for iframe element when the "allowIframeRelativeUrls" is set to true due to the hostnames set by the "allowedIframeHostnames" not properly validated...
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
...
Design/Logic Flaw
This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is...
CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2020-15968
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-6500
Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
Design/Logic Flaw
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to safely display the content, causing Firefox to execute arbitrary...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...
CVE-2020-6394
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page...