47 matches found
EUVD-2022-1539
Malicious code in bioql PyPI...
EUVD-2022-4946
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-18385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not...
MAL-2025-6834 Malicious code in asciidoctor.rb (npm)
The package communicates with a domain associated with malicious activity...
A vulnerability in GitLab EE/CE, the Git-based software platform for collaborative code development, stems from insufficient data sanitization, which allows attackers to carry out XSS attacks.
A vulnerability in GitLab EE/CE, the Git-based software platform for collaborative code development, stems from insufficient sanitization of user-supplied data in the Asciidoctor renderer. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Linux Distros Unpatched Vulnerability : CVE-2022-24803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asciidoctor-include-ext is Asciidoctor's standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied...
CVE-2022-24803
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...
Malicious code in asciidoctor_pdf-linewrap-ja (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in asciidoctor_bibliography (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
RHEL 8 : rubygem-asciidoctor (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-asciidoctor: Infinite loop in the nextblock method CVE-2018-18385 Note that Nessus has not tested for this...
A vulnerability in Asciidoctor, the AsciiDoc text processor, arises from a loop with an unreachable exit condition, allowing attackers to cause a denial of service.
A vulnerability in Asciidoctor, the AsciiDoc text processor, is related to a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause a denial of service...
SUSE CVE-2018-18385
Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...
GHSA-QC9P-MJXM-J2WJ Asciidoctor Infinite Loop vulnerability
Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...
Asciidoctor Infinite Loop vulnerability
Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...
Command Injection
asciidoctor-include-ext is vulnerable to Command Injection. The library renders user-supplied input in AsciiDoc markup, which allows an attacker to execute arbitrary system commands on the host operating system when allow-uri-read is disabled...
DEBIAN-CVE-2022-24803
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...
CVE-2022-24803
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...
UBUNTU-CVE-2022-24803
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...