122 matches found

RedHat Linux
added 2020/09/08 9:46 a.m. · 0 views

libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c

A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability...

7.1 CVSS · 7.1 AI score · 0.04749 EPSS
Exploits 1 · References 4

OpenVAS
added 2020/09/08 12:0 a.m. · 16 views

Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-1986)

The remote host is missing an update for the Huawei EulerOS...

7.1 CVSS · 7.1 AI score · 0.04749 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2020/09/08 12:0 a.m. · 20 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libcroco (EulerOS-SA-2020-1986)

According to the version of the libcroco package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local,...

7.1 CVSS · 6.6 AI score · 0.04749 EPSS
Exploits 1 · References 2

Veracode
added 2020/06/04 5:19 a.m. · 20 views

Remote Code Execution

sabberworm/php-css-parser is vulnerable to remote code execution. Untrusted user input is passed into eval when the functions allSelectors or getSelectorsBySpecificity are called which will lead to arbitrary code execution...

9.8 CVSS · 6 AI score · 0.27848 EPSS
Exploits 4 · References 6 · Affected Software 1

OSV
added 2020/06/03 2:15 p.m. · 1 views

DEBIAN-CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8 CVSS · 9.3 AI score · 0.27848 EPSS
Exploits 4 · References 1

OSV
added 2020/06/03 2:15 p.m. · 10 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8 CVSS · 8.2 AI score
Exploits 0 · References 5

NVD
added 2020/06/03 2:15 p.m. · 6 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8 CVSS · 9.9 AI score · 0.27848 EPSS
Exploits 4 · References 5

Prion
added 2020/06/03 2:15 p.m. · 11 views

Remote code execution

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

7.5 CVSS · 9.8 AI score · 0.27848 EPSS
Exploits 4 · References 4 · Affected Software 1

Cvelist
added 2020/06/03 1:46 p.m. · 12 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.9 AI score · 0.27848 EPSS
Exploits 4 · References 4

CVE
added 2020/06/03 1:46 p.m. · 229 views

CVE-2020-13756

Sabberworm PHP CSS Parser vulnerability CVE-2020-13756: before 8.3.1, the code calls eval on untrusted data via getSelectorsBySpecificity() or allSelectors(), enabling potential remote code execution. Affected product is Sabberworm PHP CSS Parser (and the php-horde-css-parser bundle). The issue i...

9.8 CVSS · 9.7 AI score · 0.27848 EPSS
In wild · Exploits 4 · References 5 · Affected Software 1

Debian CVE
added 2020/06/03 1:46 p.m. · 3 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8 CVSS · 9.9 AI score · 0.27848 EPSS
Exploits 4

ATTACKERKB
added 2020/06/03 12:0 a.m. · 92 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.8 CVSS · 5.8 AI score · 0.27848 EPSS
In wild · Exploits 4 · References 5

Positive Technologies
added 2020/06/03 12:0 a.m. · 2 views

PT-2020-13657 · Sabberworm +2 · Sabberworm Php Css Parser +2

Name of the Vulnerable Software and Affected Versions: Sabberworm PHP CSS Parser versions prior to 8.3.1; php-horde-css-parser version 1.0.8-1ubuntu1+esm1 and earlier. Description: The issue is related to the parsing of uncontrolled CSS data, which could lead to remote code execution. The functions...

9.8 CVSS · 9.9 AI score · 0.27848 EPSS
Exploits 4 · References 25

Packet Storm
added 2020/06/03 12:0 a.m. · 236 views

Sabberworm PHP CSS Code Injection

Sabberworm PHP CSS parser - Code injection. Identifiers: CVE-2020-13756. CVSSv3 score: 8.6...

0.4 AI score · 0.27848 EPSS
Exploits 4

0day.today
added 2020/06/03 12:0 a.m. · 93 views

Sabberworm PHP CSS Code Injection Vulnerability

Exploit for php platform in category web applications. Sabberworm PHP CSS parser - Code injection. Identifiers: CVE-2020-13756. CVSSv3 score...

7.5 CVSS · 0.3 AI score · 0.27848 EPSS
Exploits 4

RedhatCVE
added 2020/05/13 5:41 p.m. · 22 views

CVE-2020-12825

A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability. Mitigation: To mitigate...

5.8 CVSS · 1 AI score · 0.04749 EPSS
Exploits 1 · References 3

Veracode
added 2020/04/10 12:39 a.m. · 28 views

Remote Code Execution (RCE)

kdelibs is vulnerable to Remote Code Execution (RCE). A flaw was found in the way the KDE CSS parser handled content for the CSS "style" attribute. A remote attacker could create a specially-crafted CSS-equipped HTML page, which once visited by an unsuspecting user, could cause a denial of...

9.3 CVSS · 3.6 AI score · 0.07775 EPSS
Exploits 2 · References 36 · Affected Software 1

NVD
added 2020/02/08 7:15 p.m. · 18 views

CVE-2012-4512

The CSS parser khtml/css/cssparser.cpp in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."...

8.8 CVSS · 8.2 AI score · 0.09978 EPSS
Exploits 6 · References 11

Prion
added 2020/02/08 7:15 p.m. · 22 views

Type confusion

The CSS parser khtml/css/cssparser.cpp in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."...

6.8 CVSS · 6.9 AI score · 0.09978 EPSS
Exploits 6 · References 11 · Affected Software 5

CVE
added 2020/02/08 6:9 p.m. · 145 views

CVE-2012-4512

CVE-2012-4512 affects Konqueror’s CSS parser (khtml/css/cssparser.cpp) in KDE 4.7.3. A remote attacker can crash the browser and possibly read memory via a crafted font-face source due to a type-confusion issue. Connected advisories (MiracleLinux AXSA-2012-970:03, SUSE/Security Advisories, Gentoo...

8.8 CVSS · 8 AI score · 0.09978 EPSS
Exploits 6 · References 11 · Affected Software 1