
5745 matches found

NVD
added 2023/11/17 2:15 p.m. | 20 views

CVE-2023-26364

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

CVSS 5.3 | EPSS 0.00985
Exploits: 0 | References: 1
Prion
added 2023/11/17 2:15 p.m. | 15 views

Input validation

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

CVSS 5 | AI score 6.9 | EPSS 0.00985
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/11/17 1:38 p.m. | 25 views

CVE-2023-26364 Denial of Service of regular expression in package @adobe/css-tools

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

CVSS 5.3 | AI score 6.6 | EPSS 0.00985
Exploits: 0 | References: 1
Cvelist
added 2023/11/17 1:38 p.m. | 26 views

CVE-2023-26364 Denial of Service of regular expression in package @adobe/css-tools

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

CVSS 5.3 | AI score 5.4 | EPSS 0.00985
Exploits: 0 | References: 1
CVE
added 2023/11/17 1:38 p.m. | 158 views

CVE-2023-26364

Technical details for CVE-2023-26364 are not provided in the connected documents. Public details are limited to the initial description; no vendor/product/impact specifics beyond a brief note. Monitor for updates.

CVSS 5.3 | AI score 5.4 | EPSS 0.00985
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/11/17 12:0 a.m. | 5 views

Adobe css-tools security vulnerability

Adobe css-tools is a CSS parser/string generator for Node.js from Adobe USA. A security vulnerability exists in Adobe css-tools version 4.3.0 and prior versions, which stems from incorrect input validation, resulting in a minor denial of service when attempting to parse CSS...

CVSS 5.3 | AI score 6.6 | EPSS 0.00985
Exploits: 0 | References: 3
GitLab Advisory Database
added 2023/11/17 12:0 a.m. | 35 views

@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

Impact: @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.1. Workarounds: None. References: N/A...

CVSS 5.3 | AI score 6.6 | EPSS 0.00985
Exploits: 0 | References: 3 | Affected Software: 1
IBM Security Bulletins
added 2023/11/16 9:37 p.m. | 45 views

Security Bulletin: IBM Storage Fusion may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)

Summary: JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described in the CVEs listed in the "Vulnerability Details" section. Vulnerability...

CVSS 9.3 | AI score 8.8 | EPSS 0.02761
Exploits: 1 | Affected Software: 1
Positive Technologies
added 2023/11/16 12:0 a.m. | 3 views

PT-2023-7748 · Adobe · @Adobe/Css-Tools

Name of the Vulnerable Software and Affected Versions: @adobe/css-tools versions 4.3.1 and earlier Description: The issue is related to an Improper Input Validation vulnerability in the CSS parser for Node.js. This vulnerability could result in a denial of service while attempting to parse CSS,...

CVSS 7.8 | AI score 6 | EPSS 0.01121
Exploits: 0 | References: 14
OpenVAS
added 2023/11/16 12:0 a.m. | 28 views

Fedora: Security Advisory for roundcubemail (FEDORA-2023-70578c5599)

The remote host is missing an update for the...

CVSS 6.1 | AI score 6.3 | EPSS 0.00641
Exploits: 0 | References: 2
Tenable Nessus
added 2023/11/16 12:0 a.m. | 60 views

Oracle Linux 9 : podman (ELSA-2023-6474)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6474 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...

CVSS 9.8 | AI score 7.3 | EPSS 0.04561
Exploits: 2 | References: 14
Tenable Nessus
added 2023/11/16 12:0 a.m. | 38 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2023-6402)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6402 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540...

CVSS 9.8 | AI score 7.2 | EPSS 0.04561
Exploits: 0 | References: 11
Fedora
added 2023/11/15 2:1 a.m. | 39 views

[SECURITY] Fedora 37 Update: roundcubemail-1.6.5-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 6.1 | AI score 6.3 | EPSS 0.00641
Exploits: 0
RedHat Linux
added 2023/11/14 4:3 p.m. | 3 views

golang: html/template: improper sanitization of CSS values

A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...

CVSS 7.3 | AI score 6.6 | EPSS 0.01037
Exploits: 0 | References: 6
RedHat Linux
added 2023/11/14 3:46 p.m. | 4 views

kernel: cgroup: Use separate src/dst nodes when preloading css_sets for migration

In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to...

CVSS 7.8 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 5
RedHat Linux
added 2023/11/14 3:32 p.m. | 3 views

golang: html/template: improper sanitization of CSS values

A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...

CVSS 7.3 | AI score 6.6 | EPSS 0.01037
Exploits: 0 | References: 6
Kaspersky
added 2023/11/14 12:0 a.m. | 33 views

KLA61976 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface. Below is a complete list of vulnerabilities: 1. A cross-site-scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premises can be exploited remotely to spoof user...

CVSS 7.6 | AI score 5.4 | EPSS 0.01277
Exploits: 0 | References: 9
Tenable Nessus
added 2023/11/14 12:0 a.m. | 23 views

Debian dla-3652 : ruby-sanitize - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3652 advisory. Debian LTS Advisory DLA-3652-1 https://www.debian.org/lts/security/...

CVSS 7.1 | AI score 6.5 | EPSS 0.00603
Exploits: 0 | References: 4
BDU FSTEC
added 2023/11/11 12:0 a.m. | 4 views

The vulnerability in the cr_tknzr_parse_comment function of the cr-tknzr.c component, a library for working with cascading tables in CSS2 Libcroco, allows a hacker to cause a service failure.

The vulnerability of the cr_tknzr_parse_comment function in the cr-tknzr.c component of the Libcroco library for working with cascading tables in css2 is related to the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause servic...

CVSS 7.8 | AI score 6.8 | EPSS 0.03844
Exploits: 4 | References: 10 | Affected Software: 3
NVD
added 2023/11/10 2:15 p.m. | 18 views

CVE-2023-31077

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions...

CVSS 8.8 | EPSS 0.00261
Exploits: 0 | References: 1