339 matches found
SUSE CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
MGASA-2024-0123 Updated ruby-rack packages fix security vulnerabilities
Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...
CVE-2023-6678
CVE-2023-6678 affects GitLab EE: all versions before 16.8.6, all 16.9.x prior to 16.9.4, and all 16.10.x prior to 16.10.2. An attacker can cause a denial of service by processing maliciously crafted content in a junit test report file. This vulnerability is documented across multiple sources (Git...
CVE-2023-6678
Removed by vendor...
django-wiki Security Vulnerabilities
django-wiki is a wiki system based on Django. A security vulnerability exists in versions of django-wiki prior to 0.10.1, which stems from vulnerability to maliciously crafted article content that could lead to a denial of service via regular expressions...
BIT-JENKINS-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
PYSEC-2024-162
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...
PT-2024-19064 · Elecom · Elecom Wireless Lan Routers
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers (affected versions not specified). Description: The issue is related to a cross-site scripting vulnerability. It is assumed that a malicious administrative user configures the affected product with specially crafted...
Rack Security Vulnerabilities
Rack is a modular Ruby web server interface. A security vulnerability exists in Rack versions prior to 3.0.9.1, 2.2.8.1, and 2.2.8.1, which stems from a carefully crafted content type header that could cause Rack's media type parser to take longer than expected, resulting in a denial of service...
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were...
webkitgtk: Same Origin Policy bypass via crafted web content
A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin policy...
Cross-Site Scripting (XSS)
odoo is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability allows a remote attacker to inject arbitrary web script via the browser of a victim, by posting crafted content...
CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
Cross site scripting
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
UBUNTU-CVE-2023-2203
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...
webkitgtk: sensitive information disclosure issue
A vulnerability was found in webkitgtk, where a type confusion issue was addressed with improved memory handling. Due to this security flaw, processing maliciously crafted web content may lead to arbitrary code execution...
webkitgtk: memory disclosure issue was addressed with improved memory handling
A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...
webkitgtk: memory corruption issue leading to arbitrary code execution
A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target syste...
webkitgtk: use-after-free issue leading to arbitrary code execution
A vulnerability was found in WebKitGTK. This issue exists due to a use-after-free error when processing maliciously crafted web content in WebKit. This may allow an attacker to trick the victim into visiting a specially crafted website, causing an application to halt, crash, or perform arbitrary code...
webkitgtk: type confusion issue leading to arbitrary code execution
A vulnerability was found in webkitgtk, where a logic issue was addressed with improved state management. Processing maliciously crafted web content may disclose sensitive user information...