2039 matches found
DEBIAN-CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
CVE-2019-9757
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read...
DEBIAN-CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
The vulnerability of the SVG object processing mechanism in browsers such as Firefox ESR, Firefox, and the email client Thunderbird allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the SVG object processing mechanism in browsers such as Firefox ESR, Firefox, and the email client Thunderbird is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service interruptions...
Low: Red Hat Security Advisory: libwmf security update
An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
libwmf security update
An update is available for libwmf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libwmf packages provide a library for reading and converting Windows...
CVE-2019-9855
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
CVE-2019-9851
CVE-2019-9851 affects Document Foundation LibreOffice prior to 6.2.6, where documents can specify pre-installed scripts that run on global script events (e.g., document-open). The fixed versions validate global script event handlers equivalently to document script handlers, mitigating the issue. ...
Concrete5 Cross-Site Scripting Vulnerability (CNVD-2019-18846)
concrete5 is an open source content management system CMS for publishing content on the World Wide Web and intranet. A cross-site scripting vulnerability exists in Concrete5 8.4.3. The vulnerability stems from config/concrete.php allowing the upload of SVG files that may contain HTML data with...
CVE-2018-19146
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
Denial Of Service
libwmf is a library for reading and converting Windows Metafile Format WMF vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF Windows Metafiles with embedded BMP images. By tricking a victim into openin...
Spoofing Vulnerability
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Privilege Escalation
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Information Disclosure
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...