GHSA-2MM9-C2FX-C7M4 / CVE-2021-23342: Docsify XSS Vulnerability
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1. When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
Fedora 28 : php-tcpdf (2018-f1ca41a1a6)
Version 6.2.25: Fix support for image URLs. Version 6.2.24: Support remote URLs when checking if a file exists. Version 6.2.23: Simplify the fileexists function. Version 6.2.20: Fix for security vulnerability: using the phar:// wrapper it was possible to trigger the unserialization o...
Updated kio-extras packages fix security vulnerability
The HTML thumbnailer was incorrectly accessing some content of remote URLs listed in HTML files. This meant that the owners of the servers referred to in HTML files on your system could have seen your IP address in their access logs every time the thumbnailer tried to create the thumbnail...
kio-extras -- HTML Thumbnailer automatic remote file access
Albert Astals Cid reports: Various KDE applications share a plugin system to create thumbnails of various file types for displaying in file managers, file dialogs, etc. kio-extras contains a thumbnailer plugin for HTML files. The HTML thumbnailer was incorrectly accessing some content of remote...
Open Redirect
python-fedora is vulnerable to open redirects. The library does not check whether URLs passed to it are remote URLs, allowing a malicious user to pass a remote malicious URL to the application to cause open redirects and possibly leak CSRF tokens...
PT-2017-10820
Name of the Vulnerable Software and Affected Versions: git, versions prior to 6.20170818 (git-scm git; affected versions not specified). Description: A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exist...
CVE-2016-7967: Design/Logic Flaw
KMail since version 5.3.0 used a QWebEngine-based viewer that had JavaScript enabled. Since the generated HTML is executed in the local file security context, access to remote and local URLs was enabled by default...
Medium: postgresql8
Issue Overview: It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this fla...
Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120913)
It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and...
SuSE 11 Security Update : glib2 (SAT Patch Number 1831)
When copying symbolic links, the g_file_copy function set the target of the link to mode 0777, thereby exposing potentially sensitive information or allowing other users to modify files they should not have access to (CVE-2009-3289). This has been fixed. This update also fixes a problem where glib2...