4210 matches found

CVE
added 2021/07/16 12:16 p.m. · 62 views

CVE-2021-28114

CVE-2021-28114 affects Froala WYSIWYG Editor 3.2.6-1 with an XSS flaw caused by a namespace confusion during parsing. Red Hat, CNVD, OSV, and others report the issue and, in CNVD, an attacker could obtain an administrator cookie. The initial entry provides the vulnerability description and CVSS m...

CVSS 5.4 · AI score 5.2 · EPSS 0.0057
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2021/07/16 12:00 a.m. · 4 views

Froala WYSIWYG Editor cross-site scripting vulnerability

Froala WYSIWYG Editor is a web-based rich-text editor. It contains a cross-site scripting vulnerability that stems from a namespace confusion during parsing. An attacker could exploit this vulnerability to obtain an administrator cookie...

CVSS 5.4 · AI score 5.2 · EPSS 0.0057
Exploits 0 · References 4
RustSec
added 2021/07/08 12:00 p.m. · 27 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

CVSS 6.1 · AI score 1.3 · EPSS 0.00201
Exploits 1 · Affected Software 1
OSV
added 2021/07/08 12:00 p.m. · 41 views

RUSTSEC-2021-0074 Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

CVSS 6.1 · AI score 6.1 · EPSS 0.00201
Exploits 1 · References 3
OSV
added 2021/07/07 12:15 p.m. · 1 view

DEBIAN-CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

CVSS 8.3 · AI score 6.3 · EPSS 0.85239
Exploits 21 · References 1
OSV
added 2021/07/07 12:15 p.m. · 0 views

UBUNTU-CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

CVSS 8.3 · AI score 6.7 · EPSS 0.85239
Exploits 21 · References 7
CNNVD
added 2021/07/07 12:00 a.m. · 5 views

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer overflow vulnerability that originates from a heap out-of-bounds write in net/netfilter/xtables.c. The vulnerability can be exploited to...

CVSS 8.3 · AI score 6.9 · EPSS 0.85239
Exploits 21 · References 68
Github Security Blog
added 2021/06/23 5:57 p.m. · 72 views

Access Control Bypass

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

CVSS 9 · AI score 4.4 · EPSS 0.00442
Exploits 0 · References 6 · Affected Software 1
Veracode
added 2021/06/18 7:17 a.m. · 23 views

Arbitrary Code Execution

phpmailer/phpmailer is vulnerable to arbitrary code execution. When the $patternselect parameter in validateAddress is set to the default php defined by PHPMailer::$validator, and the global namespace contains a function called php, untrusted code can be called when such code is injected into the...

CVSS 8.1 · AI score 2.6 · EPSS 0.00778
Exploits 0 · References 6 · Affected Software 2
Positive Technologies
added 2021/06/17 12:00 a.m. · 8 views

PT-2021-3390 · Phpmailer +3 · Phpmailer +3

Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.4.1 and earlier Description: The issue is related to the validateAddress function in PHPMailer, which can lead to the execution of untrusted code if such code is injected into the host project's scope by other means. This...

CVSS 9.8 · AI score 7 · EPSS 0.94418
Exploits 67 · References 71
OpenVAS
added 2021/06/09 12:00 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2019:1364-1)

The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)...

CVSS 7.8 · AI score 6.9 · EPSS 0.00151
Exploits 6 · References 2
Positive Technologies
added 2021/06/03 12:00 a.m. · 3 views

PT-2021-17750 · Froala · Froala Wysiwyg Editor

Name of the Vulnerable Software and Affected Versions: Froala WYSIWYG Editor version 3.2.6-1 Description: The issue is related to a namespace confusion during parsing, which leads to a cross-site scripting XSS problem. Recommendations: For Froala WYSIWYG Editor version 3.2.6-1, update to a versio...

CVSS 5.4 · AI score 5.2 · EPSS 0.0057
Exploits 0 · References 12
Positive Technologies
added 2021/06/02 12:00 a.m. · 3 views

PT-2024-11272 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc1+ Description: The issue arises when an IPoIB device is moved to a non-initial network namespace and that namespace is then destroyed. Instead of moving the device back to the initial namespace, it...

CVSS 5.5 · AI score 8.8 · EPSS 0.00019
Exploits 0 · References 19
Github Security Blog
added 2021/06/01 6:40 p.m. · 15 views

Permissions bypass in KubeVirt

A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret...

CVSS 6.5 · AI score 6.4 · EPSS 0.00141
Exploits 0 · References 7 · Affected Software 1
OSV
added 2021/05/31 3:39 p.m. · 12 views

UVI-2021-1000417 net: Only allow init netns to set default tcp cong to a restricted algo

net: Only allow init netns to set default tcp cong to a restricted algo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.119 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 14 views

UVI-2021-1000341 net: Only allow init netns to set default tcp cong to a restricted algo

net: Only allow init netns to set default tcp cong to a restricted algo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 13 views

UVI-2021-1000225 net: Only allow init netns to set default tcp cong to a restricted algo

net: Only allow init netns to set default tcp cong to a restricted algo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 8 views

GSD-2021-1000341 net: Only allow init netns to set default tcp cong to a restricted algo

net: Only allow init netns to set default tcp cong to a restricted algo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 11 views

GSD-2021-1000451 net: Only allow init netns to set default tcp cong to a restricted algo

net: Only allow init netns to set default tcp cong to a restricted algo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.191 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 8 views

GSD-2021-1000417 net: Only allow init netns to set default tcp cong to a restricted algo

net: Only allow init netns to set default tcp cong to a restricted algo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.119 by commit...

AI score 7.2
Exploits 0