5255 matches found
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
Denial Of Service (DoS)
html-to-text is vulnerable to denial of service DoS. The library does not properly handle parsed HTML when it either very deep or has a big amount of DOM elements, allowing a malicious user to cause an application crash...
The vulnerability in the embedded software of NETGEAR routers such as NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, NETGEAR RBS750, NETGEAR RBK842, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBR850, and NETGEAR RBS850 exists due to the failure to take measures to eliminate special elements used in the operating system. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of NETGEAR’s embedded software, including models like NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, NETGEAR RBS750, NETGEAR RBK842, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBR850, and NETGEAR RBS850, exists due to the lack of...
SUSE-SU-2020:0629-2 Security update for librsvg
This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...
SUSE-SU-2020:0629-1 Security update for librsvg
This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...
kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
A flaw was found in the way the mwifiexcmdappendvsietlv in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...
Cross-Site Scripting (XSS)
markdown2 is vulnerable to cross-site scripting XSS attacks. The vulnerability is introduced because of using a loosely defined regular expression for incompletetagsre string in the function encodeampsandangles causing a bypass of HTML element if a user passes a malicious string with a new line...
The vulnerability of Azure DevOps Server’s software development tools, related to the failure to take measures to neutralize special elements, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of Azure DevOps Server lies in the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
Cross site scripting
In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...
Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize
When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a or element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config o...
PT-2020-5919 · Siemens · Sinamics Startdrive +14
Name of the Vulnerable Software and Affected Versions: SIMATIC Automation Tool versions prior to V4 SP2 SIMATIC NET PC Software V14 versions prior to V14 SP1 Update 14 SIMATIC NET PC Software V15 versions SIMATIC NET PC Software V16 versions prior to V16 Upd3 SIMATIC PCS neo versions prior to V3....
CVE-2020-7676
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
Security update for libreoffice (moderate)
openSUSE Security Update: Security update for libreoffice Announcement ID: openSUSE-SU-2020:0786-1 Rating: moderate References: 1160687 1165870 1167463 1171997 Cross-References: CVE-2020-12801 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has three fixes is now...
Schneider-electric Ecostruxure Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...
The vulnerability of the Adobe Digital Editions e-book reading program, which exists due to the failure to take measures to neutralize special elements, allows a violator to execute arbitrary code.
The vulnerability of the Adobe Digital Editions e-book reading program exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...