
275 matches found

BDU FSTEC
added 2022/05/23 12:0 a.m. · 3 views

The vulnerability in the JavaScript object indexing mechanism of Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird allows a malicious actor to execute arbitrary JavaScript code.

The vulnerability of the JavaScript object indexing mechanism in Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...

CVSS 10 · AI score 8 · EPSS 0.17103
Exploits 0 · References 16 · Affected Software 14

BDU FSTEC
added 2022/05/17 12:0 a.m. · 2 views

The vulnerability of Mozilla Thunderbird’s email client lies in the improper processing of user-input data when dealing with signed and encrypted embedded messages. This allows attackers to perform spamming attacks.

The vulnerability in Mozilla Thunderbird’s email client allows for incorrect processing of user-input data when dealing with signed and encrypted embedded messages. Exploiting this vulnerability can enable a malicious actor to carry out spam attacks by sending specially crafted email messages...

CVSS 5 · AI score 5.8 · EPSS 0.00266
Exploits 0 · References 12 · Affected Software 6

BDU FSTEC
added 2022/05/17 12:0 a.m. · 1 views

The vulnerability of the HTTP interface implementation for Zyxel network interfaces allows attackers to execute arbitrary commands.

The vulnerability of the HTTP interface implementation for Zyxel network interfaces relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by introducing a specially crafted file...

CVSS 10 · AI score 8.4 · EPSS 0.99938
Exploits 25 · References 5 · Affected Software 9

OSV
added 2022/05/16 1:9 p.m. · 2 views

CLSA-2022-1652706582 Fixed CVE-2018-25032 in zlib

CVE-2018-25032: Fix an out-of-bounds access flaw leading to memory corruption when input has many distant matches...

CVSS 7.5 · AI score 6.8 · EPSS 0.51733
Exploits 1 · References 1

GitHub Security Blog
added 2022/04/22 8:23 p.m. · 29 views

YARP Denial of Service Vulnerability

Impact: A denial of service vulnerability exists in how YARP processes input. Patches: If you're using YARP 1.0.0, you should update to NuGet package version 1.0.1. If you're using YARP 1.1.0-RC.1, you should update to NuGet package version 1.1.0-rc.1.22211.2. You can do so by updating the...

CVSS 7.5 · AI score 4.6 · EPSS 0.031
Exploits 0 · References 6 · Affected Software 1

CNNVD
added 2021/12/08 12:0 a.m. · 4 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds write vulnerability that originates from a boundary error when WebRTC processes untrusted input. A remote attacker can exploit the vulnerability to execute arbitrary code on the system...

CVSS 8.8 · AI score 9 · EPSS 0.00846
Exploits 0 · References 8

BDU FSTEC
added 2021/11/16 12:0 a.m. · 1 views

The vulnerability of the HtmlResponseMessage component in the firmware of D-Link DIR-866L routers allows attackers to execute cross-site scripting attacks.

The vulnerability of the HtmlResponseMessage component in the firmware of D-Link DIR-866L wireless routers is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to execute cross-site scripting attacks...

CVSS 6.4 · AI score 6.2 · EPSS 0.00997
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2021/09/28 12:0 a.m. · 4 views

The vulnerability of the Application Server component in network-based printing control systems like PaperCut MF and PaperCut NG allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the Application Server component in network-based printing control systems like PaperCut MF and PaperCut NG is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and increase their privileges...

CVSS 10 · AI score 8.2 · EPSS 0.02488
Exploits 0 · References 5 · Affected Software 3

RedhatCVE
added 2021/09/22 7:10 p.m. · 49 views

CVE-2021-39537

A heap overflow vulnerability has been found in the ncurses package, particularly in the "tic". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the...

CVSS 6.8 · AI score 8.5 · EPSS 0.03005
Exploits 1 · References 4

OSV
added 2021/09/02 5:15 p.m. · 3 views

GHSA-WHGM-JR23-G3J9 Uncontrolled Resource Consumption in ansi-html

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVSS 7.5 · AI score 7.1 · EPSS 0.01981
Exploits 1 · References 7

RedhatCVE
added 2021/08/19 7:40 p.m. · 60 views

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVSS 7.5 · AI score 5.9 · EPSS 0.01981
Exploits 1 · References 4

OSV
added 2021/08/18 5:15 p.m. · 1 views

CVE-2021-23424

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

CVSS 7.5 · AI score 7.3 · EPSS 0.01981
Exploits 1 · References 3

CVE
added 2021/08/18 4:15 p.m. · 130 views

CVE-2021-23424

CVE-2021-23424 affects the Node.js package ansi-html. The provided documents describe a denial-of-service condition caused by a regular-expression Denial-of-Service (ReDoS) flaw in processing input, potentially allowing an attacker to consume resources and degrade availability. Several IBM advis...

CVSS 7.5 · AI score 7.5 · EPSS 0.01981
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2021/08/18 12:0 a.m. · 2 views

PT-2021-15512 · Ansi-Html · Ansi-Html

Name of the Vulnerable Software and Affected Versions: ansi-html (affected versions not specified). Description: The issue arises when an attacker provides a malicious string, causing the system to get stuck processing the input for an extremely long time. Recommendations: At the moment, there is no...

CVSS 7.5 · AI score 7.4 · EPSS 0.01981
Exploits 1 · References 12

BDU FSTEC
added 2021/08/12 12:0 a.m. · 2 views

The vulnerability of the JAPI component of the Essbase Analytic Provider Services service allows a hacker to gain full access to critical data.

The vulnerability of the JAPI component of the Essbase Analytic Provider Services is related to errors in processing input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full access to critical data...

CVSS 8.8 · AI score 7.7 · EPSS 0.01412
Exploits 0 · References 4 · Affected Software 1

NVD
added 2021/05/14 8:15 p.m. · 13 views

CVE-2021-29542

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`. This is because the...

CVSS 5.5 · EPSS 0.00198
Exploits 1 · References 2

Cvelist
added 2021/05/10 4:49 a.m. · 31 views

CVE-2021-32471

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs instead of 0s and 1s...

AI score 8 · EPSS 0.00849
Exploits 1 · References 2

CNNVD
added 2021/04/08 12:0 a.m. · 4 views

Forcepoint Web Security Content Gateway Code Issue Vulnerability

Forcepoint Web Security Content Gateway is an application gateway from Forcepoint, USA. A code issue vulnerability exists in Forcepoint Web Security Content Gateway versions prior to 8.5.4 that stems from incorrectly processing XML input, which can lead to information disclosure...

CVSS 7.5 · AI score 7.4 · EPSS 0.01046
Exploits 0 · References 4

BDU FSTEC
added 2021/03/30 12:0 a.m. · 3 views

The vulnerability of the DNS server service in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the DNS server service in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.06769
Exploits 0 · References 2

OSV
added 2021/03/21 10:43 a.m. · 8 views

MGASA-2021-0150 Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead t...

CVSS 7.5 · AI score 5.7 · EPSS 0.03093
Exploits 1 · References 2