5259 matches found
DEBIAN-CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
Cross site scripting
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
CVE-2019-11746
CVE-2019-11746 is a use-after-free in video element handling that can cause a crash. Public sources in connected advisories confirm impact on Firefox versions below 69, Thunderbird <68.1 and <60.9 (and ESR branches
CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
CVE-2019-16880
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zipelements method...
CVE-2019-16880
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zipelements method...
The vulnerability of the do_ed_script function in the GNU Patch software’s source code (src/pch.c) allows a malicious actor to access confidential information and execute arbitrary commands, due to the lack of measures taken to neutralize special elements used in the operating system’s command syntax.
The vulnerability of the doedscript function in the GNU Patch software lies in its failure to prevent the neutralization of special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to access confidential information and execute arbitrary comman...
CVE-2019-5042
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...
Mozilla Thunderbird < 68.1
The version of Thunderbird installed on the remote Windows host is prior to 68.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-30 advisory. - It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results ...
Use-After-Free
firefox is vulnerable to use-after-free. The vulnerability exists due to the manipulating video elements which allows an attacker to do a potentially exploitable crash in the application...
PT-2019-5218 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4 Description: The issue is related to a stored XSS attack that allows an attacker to inject JavaScript into STYLE elements. This can potentially impact the integrity of the data. The exploitation of this issue...
CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
UBUNTU-CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
Fedora 29 : nfdump (2019-9013b5e75d)
2019-08-14 - Fix compile issues - Fix output buffer size for lzo1xdecompresssafe 2019-08-07 - Fix VerifyExtensionMap 179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. 175 - Fix off by 1 array. 173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterSt...
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR...
icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite
It was found that icedtea-web did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user...