5743 matches found
EulerOS 2.0 SP8 : libcroco (EulerOS-SA-2019-2284)
According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service memory allocation error...
DEBIAN-CVE-2019-13714
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
CVE-2019-13714
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
CVE-2019-13714
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
Input validation
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
UBUNTU-CVE-2019-13714
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
Chaturbate: Camo Image Proxy Bypass with CSS Escape Sequences
Summary With CSS escape sequences it is possible to bypass CSS url detection and filtering. Details Users can use HTML tags in their Profile Bio in About Me and Wish List fields. Among other filtering and sanitization, image URLs are replaced by URLs on internal image proxy. For example, this...
CVE-2019-13714
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
CVE-2019-13714
The CVE-2019-13714 entry concerns Google Chrome before 78.0.3904.70, where insufficient validation of untrusted input in the Color Enhancer extension can allow CSS injection into an HTML page via a crafted URL. Affected product: Google Chrome (earlier than 78.0.3904.70). Root cause/impact: CSS in...
htmlcssjs.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1014053 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
chromium-browser: CSS injection
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...
Mozilla Firefox ESR < 31.7 Multiple Vulnerabilities
GitLab: Double linking cause XSS (but blocked by CSP in gitlab.com)
Summary URL display on Gitlab.com is currently broken. There is a risk of XSS due to double conversion of URLs into links. However, 12.5 incorporating the fix has not yet been released and is blocked by CSP at gitlab.com. Steps to reproduce 1. Login to gitlab.com 2. Create new project 3. Create a...
openSUSE Security Update : chromium / re2 (openSUSE-2019-2420)
This update for chromium, re2 fixes the following issues : Chromium was updated to 78.0.3904.70 boo1154806 : - CVE-2019-13699: Use-after-free in media - CVE-2019-13700: Buffer overrun in Blink - CVE-2019-13701: URL spoof in navigation - CVE-2019-13702: Privilege elevation in Installer -...
Security update for chromium, re2 (important)
openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2425-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...
Security update for chromium, re2 (important)
openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2420-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...
KLA11602 Multiple vulnerabilities in Apple iTunes
Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, cause denial of service. Below is a complete list of vulnerabilities: 1. Multiple memory corruption vulnerabilities in WebKit...
KLA11714 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Cross-origin data leak vulnerability can be exploited to arbitrary code executio...
Google Chrome Code Injection Vulnerability
Google Chrome is a web browser from Google, an American company. A code injection vulnerability exists in versions of Google Chrome prior to 78.0.3904.70, which stems from the program not performing proper input validation when processing CSS files. An attacker can exploit the vulnerability to...
Google Chrome Security Updates (stable-channel-update-for-desktop_22-2019-10) - Linux
Google Chrome is prone to multiple vulnerabilities.