5259 matches found

OSV
added 2019/09/27 6:15 p.m. · 1 view

DEBIAN-CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

8.8 CVSS · 8.4 AI score · 0.01713 EPSS
Exploits 0 · References 1
OSV
added 2019/09/27 6:15 p.m. · 7 views

CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS · 8 AI score
Exploits 0 · References 12
OSV
added 2019/09/27 6:15 p.m. · 5 views

CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

8.8 CVSS · 8.7 AI score
Exploits 0 · References 12
Prion
added 2019/09/27 6:15 p.m. · 21 views

Cross site scripting

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

4.3 CVSS · 6.2 AI score · 0.0145 EPSS
Exploits 0 · References 12 · Affected Software 3
Debian CVE
added 2019/09/27 5:17 p.m. · 31 views

CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS · 8 AI score · 0.0145 EPSS
Exploits 0
Cvelist
added 2019/09/27 5:17 p.m. · 21 views

CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.9 AI score · 0.0145 EPSS
Exploits 0 · References 12
CVE
added 2019/09/27 5:16 p.m. · 310 views

CVE-2019-11746

CVE-2019-11746 is a use-after-free in video element handling that can cause a crash. Public sources in connected advisories confirm impact on Firefox versions below 69, Thunderbird <68.1 and <60.9 (and ESR branches

8.8 CVSS · 8.8 AI score · 0.01713 EPSS
Exploits 0 · References 12 · Affected Software 3
Cvelist
added 2019/09/27 5:16 p.m. · 17 views

CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

8.9 AI score · 0.01713 EPSS
Exploits 0 · References 12
OSV
added 2019/09/25 5:15 p.m. · 4 views

CVE-2019-16880

An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zipelements method...

9.8 CVSS · 7.3 AI score · 0.01691 EPSS
Exploits 1 · References 1
Cvelist
added 2019/09/25 4:17 p.m. · 21 views

CVE-2019-16880

An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zipelements method...

9.6 AI score · 0.01691 EPSS
Exploits 1 · References 1
BDU FSTEC
added 2019/09/19 12:0 a.m. · 3 views

The vulnerability of the do_ed_script function in the GNU Patch software’s source code (src/pch.c) allows a malicious actor to access confidential information and execute arbitrary commands, due to the lack of measures taken to neutralize special elements used in the operating system’s command syntax.

The vulnerability of the do_ed_script function in the GNU Patch software lies in its failure to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to access confidential information and execute arbitrary comman...

7.8 CVSS · 5.8 AI score · 0.0453 EPSS
Exploits 0 · References 16 · Affected Software 5
Cvelist
added 2019/09/18 8:41 p.m. · 26 views

CVE-2019-5042

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...

8.8 CVSS · 8.6 AI score · 0.02061 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2019/09/18 12:0 a.m. · 27 views

Mozilla Thunderbird < 68.1

The version of Thunderbird installed on the remote Windows host is prior to 68.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-30 advisory. - It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results ...

9.3 CVSS · 7.2 AI score · 0.0216 EPSS
Exploits 1 · References 8
Veracode
added 2019/09/11 12:6 a.m. · 35 views

Use-After-Free

Firefox is vulnerable to use-after-free. The vulnerability arises while manipulating video elements and allows an attacker to cause a potentially exploitable crash in the application...

8.8 CVSS · 8.9 AI score · 0.01713 EPSS
Exploits 0 · References 15 · Affected Software 5
Positive Technologies
added 2019/09/11 12:0 a.m. · 10 views

PT-2019-5218 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4 Description: The issue is related to a stored XSS attack that allows an attacker to inject JavaScript into STYLE elements. This can potentially impact the integrity of the data. The exploitation of this issue...

9.8 CVSS · 6.5 AI score · 0.4375 EPSS
Exploits 16 · References 74
UbuntuCve
added 2019/09/04 12:0 a.m. · 49 views

CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS · 6.8 AI score · 0.0145 EPSS
Exploits 0 · References 5
OSV
added 2019/09/04 12:0 a.m. · 1 view

UBUNTU-CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS · 6.7 AI score · 0.0145 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2019/08/26 12:0 a.m. · 24 views

Fedora 29 : nfdump (2019-9013b5e75d)

2019-08-14 - Fix compile issues - Fix output buffer size for lzo1xdecompresssafe 2019-08-07 - Fix VerifyExtensionMap 179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. 175 - Fix off by 1 array. 173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterSt...

7.8 CVSS · 7.3 AI score · 0.02709 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2019/08/12 12:0 a.m. · 50 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR...

9.8 CVSS · 8.1 AI score · 0.18756 EPSS
Exploits 34 · References 46
RedHat Linux
added 2019/07/31 5:53 p.m. · 7 views

icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite

It was found that icedtea-web did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user...

8.2 CVSS · 5.8 AI score · 0.02743 EPSS
Exploits 0 · References 4