Lucene search
+L

81 matches found

BDU FSTEC
BDU FSTEC
added 2021/12/01 12:0 a.m.5 views

The vulnerability of the Mozilla Firefox browser, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of the Mozilla Firefox browser is related to errors in the configuration of security rules for iframe-based tables in XSLT stylesheets. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions by using iframes to bypass limitations such as...

9.4CVSS7.9AI score0.0383EPSS
Exploits0References7Affected Software3
RedHat Linux
RedHat Linux
added 2021/11/04 5:3 p.m.4 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

10CVSS7.3AI score0.0383EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.5 views

Mozilla Firefox 安全特征问题漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature problem in which iframe sandboxing rules are not properly applied to XSLT style sheets and an attacker can use the vulnerability to bypass implemented security restrictio...

10CVSS5.7AI score0.0383EPSS
Exploits0References37
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.4 views

SAP NetWeaver Knowledge Management Configuration Service 操作系统命令注入漏洞

SAP NetWeaver Knowledge Management Configuration Service is a knowledge management solution configuration service from SAP, Germany. An operating system command injection vulnerability exists in SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, which allows...

9.9CVSS8.5AI score0.03155EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.6 views

The vulnerability in the nsAutoPtr function of browsers like Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to cause a service failure.

The vulnerability of the nsAutoPtr function in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after document processing using the XSLT Extensible Stylesheet Language Transformations language. Exploiting this vulnerability can allow an...

10CVSS7.7AI score0.03622EPSS
Exploits1References16Affected Software10
CNVD
CNVD
added 2020/05/14 12:0 a.m.4 views

Palo Alto Networks PAN-OS Buffer Overflow Vulnerability (CNVD-2020-31586)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in the XSLT processing logic in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to upload and execute malicious files with...

9.8CVSS7.2AI score0.01334EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/01/27 12:0 a.m.5 views

The vulnerability of the XSLT (Extensible Stylesheet Language Transformations) implementation of the Apache Syncope system allows a attacker to read the file, write to the file, or execute arbitrary code.

The vulnerability of the XSLT Extensible Stylesheet Language Transformations implementation of the Apache Syncope system’s digital identifier management mechanism is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to read files, write files, or...

9CVSS7.3AI score0.18024EPSS
Exploits4References3Affected Software1
Veracode
Veracode
added 2019/05/02 4:56 a.m.66 views

Stack-based Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

10CVSS9.8AI score0.06493EPSS
Exploits0References15Affected Software3
Veracode
Veracode
added 2019/05/02 4:56 a.m.34 views

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

10CVSS9.8AI score0.06493EPSS
Exploits0References15Affected Software3
Veracode
Veracode
added 2019/05/02 4:56 a.m.28 views

Use After Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

10CVSS9.8AI score0.06493EPSS
Exploits0References15Affected Software3
Veracode
Veracode
added 2019/05/02 4:56 a.m.46 views

Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

10CVSS9.8AI score0.06493EPSS
Exploits0References16Affected Software3
Veracode
Veracode
added 2019/05/02 4:42 a.m.27 views

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

10CVSS9.6AI score0.07762EPSS
Exploits2References18Affected Software3
OSV
OSV
added 2018/10/16 11:13 p.m.5 views

GHSA-H6RP-8V4J-HWPH Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...

7.5CVSS6.1AI score0.07352EPSS
Exploits2References16
OSV
OSV
added 2018/06/11 9:29 p.m.6 views

CVE-2018-5177

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...

7.5CVSS7.5AI score0.03863EPSS
Exploits0References5
CNVD
CNVD
added 2018/05/11 12:0 a.m.4 views

Mozilla Firefox XSLT Buffer Overflow Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A buffer overflow vulnerability exists in XSLT in Mozilla Firefox during number formatting. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS8.9AI score0.03863EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/21 12:0 a.m.66 views

Apache Syncope Remote Code Execution Vulnerability

Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. A security vulnerability exists in Apache Syncope versions 1.2.x...

7.2CVSS7AI score0.18024EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2017/07/06 12:0 a.m.7 views

The vulnerability of XSLT programs for viewing and editing PDF files in Adobe Reader, Adobe Acrobat Document Cloud, Adobe Acrobat, and Adobe Reader Document Cloud allows attackers to execute arbitrary code.

The vulnerability of XSLT programs for viewing and editing PDF files in Adobe Reader, Adobe Acrobat Document Cloud, Adobe Acrobat, and Adobe Reader Document Cloud arises from operations that go beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

9.3CVSS8.1AI score0.07415EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2017/04/21 12:49 a.m.6 views

Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...

9.8CVSS7.3AI score0.03036EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/02/02 4:38 a.m.3 views

Mozilla: Use-after-free in XSL (MFSA 2017-02)

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

9.8CVSS7.3AI score0.03208EPSS
Exploits0References5
OSV
OSV
added 2017/01/24 7:59 a.m.2 views

CVE-2017-2970

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution...

7.8CVSS6AI score0.07415EPSS
Exploits0References2
Rows per page
Query Builder