9 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-5523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace...
Debian: Security Advisory (DLA-273-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED11 Security Update : tidy (SUSE-SU-2015:1525-1)
This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service crash via vectors involving a command character in an href. CVE-2015-5522, CVE-2015-5523 Note that Tenable Network Security has extracted the precedin...
CVE-2015-5523
CVE-2015-5523 affects the tidy project (libtidy) ParseValue() in lexer.c; multiple whitespace before an empty href can trigger a large memory allocation and remote DoS. Affected: tidy/libtidy prior to 4.9.31. Remediation: upgrade to 4.9.31+ (vendors like SUSE/Debian reference patching; see SUSE-S...
Debian DLA-273-1 : tidy security update
Fernando Muoz discovered a security issue on the HTML syntax checker and reformatter tidy. Tidy did not properly process specific character sequences, and a remote attacker could exploit this flaw to cause a DoS, or probably, execute arbitrary code. Two different CVEs were assigned to this issue...
Debian DSA-3309-1 : tidy - security update
Fernando Munoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service crash or potentially execute arbitrary code. Geoff McLane also discovered that a similar issue...
[SECURITY] [DSA 3309-1] tidy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3309-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 18, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3309-1 (tidy - security update)
Fernando Muoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service crash or potentially execute arbitrary code. Geoff McLane also discovered that a similar issue...
DLA-273-1 tidy - security update
Bulletin has no description...