22 matches found
GHSA-48R7-HPM6-GFXM @angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)
A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...
MAL-2026-5739 Malicious code in sheratan_haha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...
EUVD-2023-27012
Malicious code in bioql PyPI...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the cookie date formatting process. An attacker can access sensitive memory contents by sending specially crafted cookie headers. Remediation There is no fixed version for libsoup. References - Gitlab Issue - Red...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
BIT-MEDIAWIKI-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
Code injection
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...
PT-2023-18770 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 Description: An issue was discovered in MediaWiki that allows JavaScript execution by staff/admin users who do n...
ALSA-2021:4201 Moderate: babel security and bug fix update
Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR Common Locale Data Repository, providing access to various locale display names, localized number and date formatting, etc. Security Fixes: python-babel: Relative path traversal allows attacke...
[SECURITY] Fedora 34 Update: babel-2.9.1-1.fc34
Babel is composed of two major parts: tools to build and work with gettext message catalogs a Python interface to the CLDR Common Locale Data Repository, providing access to various locale display names, localized number and date formatting, etc...
CVE-2019-19551
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...
Cross site scripting
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...
CVE-2019-19551
The CVE-2019-19551 entry describes an XSS vulnerability in Sangoma FreePBX’s Userman, affecting versions 13.0.76.43 through 15.0.20. The issue arises from insufficient sanitization of time/date formatting and time-zone fields in the User Management screen. An attacker with access to the User Cont...
December 5, 2018—KB4469041 Preview of cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019
December 5, 2018—KB4469041 Preview of cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019 Release Date: 12/05/2018Version: .NET Framework 3.5 and 4.7.2 Improvements and fixes This update includes quality improvements. No new operating system...
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB 4459944)
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 KB 4459944 Applies to: Microsoft .NET Framework 4.5.2 Notice This update is included in the Preview of Quality Rollup that's dated November 27, 2018. This update was previously released as part of the...