PT-2024-2947 · Clamav +1 · Clamav +1

Name of the Vulnerable Software and Affected Versions: ClamAV affected versions not specified Description: A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an...

[SECURITY] Fedora 40 Update: nekohtml-1.9.22-26.fc40

NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces. The parser can scan HTML files and "fix up" many common mistakes that human and computer authors make in writing HTML documents...

[SECURITY] Fedora 40 Update: jericho-html-3.3-30.fc40

Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognized or invalid HTML. It also provides high-level HTML form manipulation functions. It is an open source library released under...

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

Medium: jsoup

Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

Atlassian JIRA Service Desk < 4.20.28 / 5.4.x < 5.4.12 / 5.5.x < 5.11.3 / 5.12.0 (JSDSERVER-14872)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14872 advisory. - org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogir...

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0, 7.19, 8.1.0, 8.2.0, 8.3.0 and 8.5 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

[SECURITY] [DSA 5471-1] libhtmlcleaner-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5471-1 [email protected] https://www.debian.org/security/ Markus Koschany August 07, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DLA 3520-1] libhtmlcleaner-java security update

Debian LTS Advisory DLA-3520-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 07, 2023 https://wiki.debian.org/LTS Package : libhtmlcleaner-java Version : 2.21-5+deb10u1 CVE ID : CVE-2023-34624 A security vulnerability has been discovered in...

Apple Multiple Products WebKit Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rel...

SpiderSuite - Advance Web Spider/Crawler For Cyber Security Professionals

An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage Spider Suite is designed for easy installation and usage...

Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-44daa9c1d4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VulnCheck KEV: CVE-2023-32373

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

Debian: Security Advisory (DLA-1175-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2008-4514

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via a font tag with a long color value, which triggers an assertion error...

SUSE CVE-2009-3627

The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...

SUSE CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

SUSE CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service stack-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

SUSE CVE-2016-2073

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...

SUSE CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags...