5255 matches found
ALPINE-CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
DEBIAN-CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
UBUNTU-CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
Cross-Site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser by storing the malicious code in STYLE elements...
CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
DEBIAN-CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
Cross site scripting
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
UBUNTU-CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
Adobe Acrobat Reader DC text field value remote code execution vulnerability redux
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.012.20035. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...
Cisco IOS ISDN Interface Denial of Service Vulnerability
According to its self-reported version, Cisco IOS Software is affected by a vulnerability in the ISDN functions which could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information element...
CVE-2018-5102
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
The vulnerability of the virtualization manager in Cisco IOS XE, allowing a attacker to execute arbitrary commands in the Linux kernel with root privileges.
The vulnerability of the virtualization manager in Cisco IOS XE operating systems exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the Linux base...
CVE-2019-4539
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812...
DEBIAN-CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
Cross site scripting
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...