
10 matches found

Mageia
added 2025/11/13 11:37 p.m. · 6 views

Updated ruby packages fix security vulnerabilities

Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186). In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it...

7.5 CVSS · 7.2 AI score · 0.00315 EPSS
Exploits 0 · References 2
OSV
added 2025/11/06 3:44 p.m. · 1 views

GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact: The prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

7.6 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 3:37 a.m. · 2 views

SUSE CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8 CVSS · 7.9 AI score · 0.00483 EPSS
Exploits 1 · References 4
OSV
added 2022/02/06 9:15 p.m. · 1 views

ALPINE-CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8 CVSS · 7.5 AI score · 0.00483 EPSS
Exploits 1 · References 1
OSV
added 2022/02/06 9:15 p.m. · 2 views

DEBIAN-CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8 CVSS · 7.5 AI score · 0.00483 EPSS
Exploits 1 · References 1
seebug.org
added 2014/07/01 12:00 a.m. · 20 views

SGI InfoSearch 1.0, SGI IRIX 6.5.x fname Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing commands to b...

7.1 AI score
Exploits 0
OpenVAS
added 2010/07/16 12:00 a.m. · 13 views

Mako 'cgi.escape()' Cross-Site Scripting Vulnerability

Mako is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 5.4 AI score · 0.00361 EPSS
Exploits 0 · References 2
OpenVAS
added 2010/07/16 12:00 a.m. · 12 views

Mako 'cgi.escape()' Cross-Site Scripting Vulnerability

This host is installed with Mako and is prone to cross-site scripting vulnerability. Openvas Vulnerability Test $id: gbmakoxssvuln.nasl 10044 2010-07-12 13:10:35z jul $ Description: Mako 'cgi.escape' Cross-Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright (C) 2010 Greenbone...

4.3 CVSS · 6 AI score · 0.00361 EPSS
Exploits 0 · References 2
OSV
added 2010/07/02 7:00 p.m. · 1 views

DEBIAN-CVE-2010-2480

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...

4.3 CVSS · 5.4 AI score · 0.00361 EPSS
Exploits 0 · References 1
Positive Technologies
added 2010/07/02 12:00 a.m. · 3 views

PT-2010-4051 · Python · Mako

Name of the Vulnerable Software and Affected Versions: Mako versions prior to 0.3.4 Description: The issue makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. This ...

5.3 CVSS · 4.9 AI score · 0.00361 EPSS
Exploits 0 · References 16