SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14584-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14584-1 advisory. - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from...
The vulnerability of the clean-css application software library at Avora Center, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the clean-css application software of Aurora Center relates to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially crafted regular expression...
5ug-cli (>=1.0.72 <=1.4.0), @11ty/eleventy-plugin-syntaxhighlight (>=3.1.0 <=3.1.1) +173 more potentially affected by CVE-2021-33587 via css-what (=4.0.0)
css-what NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on css-what and may be impacted: - 5ug-cli =1.0.72, =3.1.0, =0.0.1, =0.4.0-next.8, =0.4.0-next.8, =0.4.0-next.8, =2.8.1, =2.7.6, =2.8.0, =1.0.0-alpha.0, =1.0.0, =2.8.1, =2.8.3 and...
GHSA-Q8PJ-2VQX-8GGC Denial of service in css-what
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
Denial of service in css-what
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
Debian: Security Advisory (DLA-2678-1)
The remote host is missing an update for the Debian...
Unspecified vulnerability in css-what
css-what is a CSS selector parser. A security vulnerability exists in css-what versions prior to 5.0.1, which stems from the fact that the css-what package does not ensure that property parsing has linear time complexity with respect to input size. No details of the vulnerability are available at...
CVE-2021-33587
A flaw was found in nodejs-css-what. The css-what package for Node.js does not ensure that attribute parsing has a Linear Time Complexity relative to the size of the input. The highest threat from this vulnerability is to system availability...
Denial Of Service (DoS)
css-what is vulnerable to denial of service. The vulnerability exists because the attribute handler is not guaranteed to have Linear Time Complexity (LTC) relative to the size of the input, causing the system to overload on the resource and crash...
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
In the plugin, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. PoC: Create or edit a gallery and add the following payload in the Custom CSS field:...
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
In the plugin, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. Create or edit a gallery and add the following payload in the Custom CSS field: Then, view t...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
DEBIAN-CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
CVE-2021-33587
CVE-2021-33587 affects the css-what package for Node.js (versions 4.0.0 through 5.0.0). The vulnerability arises from non-linear attribute parsing, which could lead to degraded performance or availability impacts as input size grows. The connected IBM/OSS references note a fixed release, with the...
css-what security vulnerability
css-what is a CSS selector parser. A security vulnerability exists in css-what versions prior to 5.0.1, which stems from the fact that the css-what package does not ensure that property parsing has linear time complexity with respect to input size. No details of the vulnerability are available at...
CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
The vulnerability of the 3D CSS component in the Firefox browser, allowing attackers to perform spoofing attacks
The vulnerability of the 3D CSS component in the Firefox browser relates to the display of content outside the viewport of the web page. Exploiting this vulnerability can allow a malicious actor to perform spoofing attacks remotely...
Related Posts for WordPress < 2.0.5 - Authenticated Stored XSS & XFS
The plugin does not sanitise its headingtext and css settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues. PoC Payloads: $ m0ze"...
CVE-2021-23382
A regular expression denial of service (ReDoS) vulnerability was found in the npm library postcss when using getAnnotationURL or loadAnnotation options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service...