525 matches found

Prion
added 2022/04/11 10:15 p.m. | 24 views

Design/Logic Flaw

org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...

CVSS 5 | AI score 7.3 | EPSS 0.01998
Exploits 0 | References 3 | Affected Software 2
CVE
added 2022/04/11 9:25 p.m. | 328 views

CVE-2022-24839

CVE-2022-24839 affects the Nokogiri fork of org.cyberneko.html (Sparkle Motion Nokogiri). The fork raises a java.lang.OutOfMemoryError when parsing ill-formed HTML markup, causing potential denial of service. Upgrading to nokogiri fork version >= 1.9.22.noko2 is recommended. The upstream org.c...

CVSS 7.5 | AI score 7.4 | EPSS 0.01998
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2022/04/11 9:25 p.m. | 49 views

CVE-2022-24839

org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...

CVSS 7.5 | AI score 6.6 | EPSS 0.01998
Exploits 0
Veracode
added 2022/03/07 12:22 a.m. | 27 views

Denial Of Service (DoS)

chrome is vulnerable to denial of service. The vulnerability exists due to an inappropriate implementation in HTML parser allowing an attacker to crash the system...

CVSS 6.1 | AI score 3.9 | EPSS 0.00545
Exploits 0 | References 3 | Affected Software 2
Microsoft CVE
added 2022/03/03 8:0 a.m. | 65 views

Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.1 | AI score 7.4 | EPSS 0.00545
Exploits 0
Kaspersky
added 2022/03/03 12:0 a.m. | 61 views

KLA12482 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in ANGLE can be exploited to cause...

CVSS 9.6 | AI score 9.7 | EPSS 0.01629
Exploits 2 | References 23
CNNVD
added 2022/03/02 12:0 a.m. | 2 views

Google Chrome cross-site scripting vulnerability

Google Chrome is a web browser from Google, Inc. Google Chrome suffers from a cross-site scripting vulnerability that stems from a faulty implementation of the HTML parser in Chrome. A remote attacker could create a specially designed web page to trick a victim into visiting it and obtaining...

CVSS 6.1 | AI score 7.3 | EPSS 0.00545
Exploits 0 | References 9
Kaspersky
added 2022/03/01 12:0 a.m. | 484 views

KLA12473 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Out of bounds memory...

CVSS 9.6 | AI score 9.6 | EPSS 0.01629
Exploits 5 | References 3
Google Chrome Security Advisories
added 2022/03/01 12:0 a.m. | 434 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 99.0.4844.51 for Windows, Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the lo...

CVSS 9.6 | AI score 8.4 | EPSS 0.01629
Exploits 5 | Affected Software 1
OpenVAS
added 2022/01/28 12:0 a.m. | 16 views

Mageia: Security Advisory (MGASA-2017-0451)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 5.7 | EPSS 0.01705
Exploits 0 | References 4
RedHat Linux
added 2021/12/15 2:42 p.m. | 48 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.10 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.8 | AI score 6.7 | EPSS 0.10448
Exploits 0 | References 18
OSV
added 2021/09/25 12:0 a.m. | 9 views

OSV-2021-1367 Uncaught exception in org.jsoup.parser.HtmlTreeBuilderState$18.process

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39164 Crash type: Uncaught exception Crash state: org.jsoup.parser.HtmlTreeBuilderState$18.process org.jsoup.parser.HtmlTreeBuilder.process org.jsoup.parser.HtmlTreeBuilderState$7.process...

AI score 7.2
Exploits 0 | References 1
Cvelist
added 2021/08/18 3:10 p.m. | 33 views

CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

CVSS 7.5 | AI score 7.5 | EPSS 0.06873
Exploits 0 | References 14
RustSec
added 2021/07/08 12:0 p.m. | 27 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

CVSS 6.1 | AI score 1.3 | EPSS 0.00702
Exploits 1 | Affected Software 1
OSV
added 2021/07/08 12:0 p.m. | 41 views

RUSTSEC-2021-0074 Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

CVSS 6.1 | AI score 6.1 | EPSS 0.00702
Exploits 1 | References 3
Exploit DB
added 2021/06/22 12:0 a.m. | 488 views

Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Responsive Tourism Website 3.1 - Remote Code Execution RCE Unauthenticated Date: 22.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14838/simple-responsive-tourism-website-using-php-free-source-code.html Version: V 3.1 Tested on: MacOS &...

AI score 7.4
Exploits 0
OSV
added 2021/05/26 6:33 p.m. | 1 views

DRUPAL-CORE-2021-003

Update: 2021-06-11: Added CVE-2021-33829 identifier Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack. CKEditor 4.16.1 and later include the fix. Update: 2021-06-11: More details are available on CKEditor's blog. Users of...

CVSS 6.1 | AI score 6.5 | EPSS 0.03189
Exploits 0 | References 1
CNNVD
added 2021/05/26 12:0 a.m. | 2 views

Google Golang security vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

CVSS 7.5 | AI score 8 | EPSS 0.07492
Exploits 0 | References 12
OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2016:0727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 6.9 | EPSS 0.31046
Exploits 9 | References 4
OSV
added 2021/04/14 8:4 p.m. | 18 views

GO-2021-0078 Panic when parsing malformed HTML in golang.org/x/net/html

The HTML parser does not properly handle "in frameset" insertion mode, and can be made to panic when operating on malformed HTML that contains tags. If operating on user input, this may be a vector for a denial of service attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.02774
Exploits 1 | References 5