149 matches found

FreeBSD
added 2020/02/13 12:0 a.m. | 13 views

www/py-bleach -- multiple vulnerabilities

bleach.clean behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to bleach.clean with strip=False and math or svg tags and one or more of the RCDATA tags script, noscript, style, noframes, iframe, noembed, or x...

2.8 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2019/03/27 12:0 a.m. | 40 views

openSUSE Security Update : Chromium (openSUSE-2019-548)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

9.6 CVSS | 8 AI score | 0.41185 EPSS
Exploits: 3 | References: 32

Hacker One
added 2019/02/27 7:47 p.m. | 24 views

X (Formerly Twitter): Html Injection and Possible XSS via MathML

Hi, I would like to report HTML Injection and possible cross site scripting XSS vulnerability using the MathML on Firefox. Account title of field is vulnerable to Html Injection which can lead an attacker to store javascript using the MathML in Firefox. Modern Firefox versions allow usage of inli...

5.9 AI score
Exploits: 0

Hacker One
added 2018/10/28 6:58 a.m. | 11 views

Ruby on Rails: XSS by MathML at Active Storage

In Active Storage, formats treated as binary have been confirmed, It does not contain application/mathml+xml. https://github.com/rails/rails/commit/d40284b1a44773b03d78ca67a888b94fd330d1b1 In Marcel::MimeType.for, if content-type can not be determined with magic byte, since it is determined using...

4.3 CVSS | 0.4 AI score | 0.0026 EPSS
Exploits: 1

Tenable Nessus
added 2018/07/26 12:0 a.m. | 43 views

openSUSE Security Update : Chromium (openSUSE-2018-759)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

9.6 CVSS | 8 AI score | 0.41185 EPSS
Exploits: 3 | References: 32

OPENSUSE Linux
added 2018/07/25 3:9 p.m. | 94 views

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

1.2 AI score | 0.41185 EPSS
Exploits: 3 | References: 6

OPENSUSE Linux
added 2018/07/25 3:8 p.m. | 86 views

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

1.2 AI score | 0.41185 EPSS
Exploits: 3 | References: 6

NVD
added 2018/07/18 2:29 p.m. | 12 views

CVE-2017-18103

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

4.7 CVSS | 4.7 AI score | 0.00171 EPSS
Exploits: 0 | References: 1

OSV
added 2018/07/18 2:29 p.m. | 0 views

CVE-2017-18103

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

4.7 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2018/07/02 12:0 a.m. | 47 views

Debian DSA-4237-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-6118 Ned Williamson discovered a use-after-free issue. - CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. - CVE-2018-6121 It was discovered that malicious extensions could...

9.6 CVSS | 8.2 AI score | 0.41185 EPSS
Exploits: 3 | References: 61

FreeBSD
added 2018/05/29 12:0 a.m. | 45 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...

9.6 CVSS | 8.3 AI score | 0.41185 EPSS
Exploits: 3 | References: 1

Tenable Nessus
added 2015/08/04 12:0 a.m. | 20 views

Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20150722)

A flaw was found in the way the LibreOffice HWP Hangul Word Processor file filter processed certain HWP documents. An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that...

6.8 CVSS | 7.2 AI score | 0.07403 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2015/03/26 12:0 a.m. | 37 views

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)

It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macro...

10 CVSS | 8 AI score | 0.09871 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2015/03/18 12:0 a.m. | 43 views

CentOS 7 : libabw / libcmis / libetonyek / libfreehand / liblangtag / libmwaw / libodfgen / etc (CESA-2015:0377)

Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

10 CVSS | 8 AI score | 0.09871 EPSS
Exploits: 0 | References: 12

RedHat Linux
added 2015/03/05 8:48 a.m. | 38 views

Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update

Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

10 CVSS | 7.6 AI score | 0.09871 EPSS
Exploits: 0 | References: 15

OpenVAS
added 2014/08/07 12:0 a.m. | 23 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Aug 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

10 CVSS | 9.6 AI score | 0.05409 EPSS
Exploits: 0 | References: 15

Tenable Nessus
added 2014/07/25 12:0 a.m. | 25 views

Mozilla Firefox < 31.0 Multiple Vulnerabilities

10 CVSS | 9.6 AI score | 0.03758 EPSS
Exploits: 0 | References: 23

NVD
added 2014/07/23 11:12 a.m. | 16 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10 CVSS | 7.3 AI score | 0.05409 EPSS
Exploits: 0 | References: 7

Prion
added 2014/07/23 11:12 a.m. | 19 views

Design/Logic Flaw

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10 CVSS | 8 AI score | 0.05409 EPSS
Exploits: 0 | References: 7 | Affected Software: 3

ATTACKERKB
added 2014/07/23 11:12 a.m. | 0 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10 CVSS | 6.6 AI score | 0.05409 EPSS
Exploits: 0 | References: 8