411 matches found
GHSA-9C8W-JRW3-Q2C3 Cross-site Scripting in OWASP AntiSamy
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character...
DEBIAN-CVE-2021-35043
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character...
CVE-2021-35043
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character...
UBUNTU-CVE-2021-35043
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character...
PT-2021-3745 · Owasp +1 · Owasp Antisamy +1
Name of the Vulnerable Software and Affected Versions: OWASP AntiSamy versions prior to 1.6.4. Description: The issue allows for cross-site scripting (XSS) attacks via HTML attributes when using the HTML output serializer. This was demonstrated by a javascript: URL, where the colon character was...
OWASP AntiSamy Cross-Site Scripting Vulnerability
OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A security vulnerability exists in OWASP AntiSamy that allows XSS via HTML attributes when using the HTML output serializer...
GHSA-HC33-32VW-RPP9 Remote Code Execution Vulnerability in Session Storage
Impact: A malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If your application does not use Ratpack's session mechanism, it is not vulnerable. Details: Attackers with the ability to writ...
SUSE: Security Advisory (SUSE-SU-2019:3337-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-8147
Name of the Vulnerable Software and Affected Versions: Newtonsoft.Json versions prior to 13.0.1. Description: The issue is related to a mishandling of exceptional conditions vulnerability in the Newtonsoft.Json library. Crafted data passed to the JsonConvert.DeserializeObject method may trigger a...
Buffer overflow
The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far...
CVE-2020-28759
The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far...
CVE-2020-28759
The CVE-2020-28759 entry concerns OAID Tengine lite v1.0 where the serializer module is reported to have a Buffer Overflow causing a crash. This is documented across multiple sources (NVD, Red Hat, OSV, CVE lists) with the core detail: the serializer module can crash due to a buffer overflow; the...
OAID Tengine Lite Buffer Error Vulnerability
OAID Tengine Lite is a tool from the OAID organization that implements the need for fast and efficient deployment of deep learning neural network models on embedded devices. OAID Tengine Lite 5.0.55.2 suffers from a buffer error vulnerability that stems from a buffer overflow and crash in the...
PT-2020-17040 · Oaid · Oaid Tengine Lite
Name of the Vulnerable Software and Affected Versions: OAID Tengine lite version v1.0 Description: The serializer module in OAID Tengine lite has a reported Buffer Overflow issue, which can cause a crash. However, there is some uncertainty regarding the existence of proof for this overflow...
Fedora 32 : php-symfony4 (2020-16eb328853)
Version 4.4.13 (2020-09-02) - security CVE-2020-15094: Remove headers with internal meaning from HttpClient responses (mpdude) - bug 38024 [Console] Fix undefined index for inconsistent command name definition (chalasr) - bug 38023 [DI] fix inlining of non-shared services (nicolas-grekas) - bug 38020...
GHSA-CHH2-RVHG-WQWR Malicious Package in json-serializer
Version 2.0.10 of json-serializer contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate...
Malicious Package in json-serializer
Version 2.0.10 of json-serializer contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate...