5254 matches found

PyPA
added 2019/02/04 9:29 p.m. | 7 views

PYSEC-2019-1

aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...

CVSS 7.4 | AI score 6.9 | EPSS 0.0116
Exploits 1 | References 2 | Affected Software 1
OSV
added 2019/02/04 9:29 p.m. | 2 views

UBUNTU-CVE-2019-1000007

aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...

CVSS 7.4 | AI score 5.8 | EPSS 0.0116
Exploits 1 | References 3
RedHat Linux
added 2019/02/04 8:45 p.m. | 3 views

Mozilla: Use-after-free parsing HTML5 stream

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...

CVSS 9.8 | AI score 7.3 | EPSS 0.12658
Exploits 1 | References 5
RedHat Linux
added 2019/01/30 5:44 p.m. | 5 views

Mozilla: Use-after-free parsing HTML5 stream

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...

CVSS 9.8 | AI score 7.3 | EPSS 0.12658
Exploits 1 | References 5
OSV
added 2019/01/30 12:00 a.m. | 1 view

UBUNTU-CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...

CVSS 9.8 | AI score 7.3 | EPSS 0.12658
Exploits 1 | References 6
Veracode
added 2019/01/29 5:28 a.m. | 9 views

Malicious Package

stream-combine is a malicious package designed to steal users' data when installed. The code searches all form elements for passwords, credit card numbers and CVC codes, and uploads the information to a remote server using HTML links embedded in the page or form actions...

AI score 6.6
Exploits 0
Google Chrome Security Advisories
added 2019/01/29 12:00 a.m. | 52 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 72 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 72.0.3626.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

CVSS 9.6 | AI score 8.8 | EPSS 0.12879
Exploits 3 | Affected Software 1
Node.js
added 2019/01/25 8:19 p.m. | 20 views

Malicious Package

Overview: Version 2.0.2 of stream-combine has malicious code designed to steal credentials and credit card information. The code searches all form elements for passwords, credit card numbers and CVC codes. It then uploads the information to a remote server using HTML links embedded in the page or fo...

AI score 6.7
Exploits 0 | Affected Software 1
Veracode
added 2019/01/15 9:18 a.m. | 23 views

Denial Of Service (DoS)

thunderbird is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an out-of-bounds read that occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data...

CVSS 9.1 | AI score 8.8 | EPSS 0.03186
Exploits 1 | References 13 | Affected Software 2
AlpineLinux
added 2019/01/11 6:00 p.m. | 42 views

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking...

CVSS 4.3 | AI score 5.9 | EPSS 0.02279
Exploits 0
Tenable Nessus
added 2019/01/10 12:00 a.m. | 39 views

Debian DSA-4364-1 : ruby-loofah - security update

It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

CVSS 5.4 | AI score 6.2 | EPSS 0.0091
Exploits 0 | References 4
CNVD
added 2018/12/29 12:00 a.m. | 2 views

Sanitize Input Validation Vulnerability

Sanitize Ruby is a whitelist-based HTML and CSS cleanup program. The program removes non-standard HTML and CSS from strings, etc. An input validation vulnerability exists in Sanitize Ruby version 4.6.0 and earlier. A remote attacker can exploit this vulnerability by applying unwhitelisted...

CVSS 7.5 | AI score 7.6 | EPSS 0.0152
Exploits 0 | References 1
BDU FSTEC
added 2018/12/27 12:00 a.m. | 5 views

The vulnerability in the Kubernetes cluster management software lies in the lack of measures to neutralize special elements used in commands, allowing an attacker to execute arbitrary operating system commands.

The vulnerability in the Kubernetes cluster management software relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...

CVSS 7.3 | AI score 7.5 | EPSS 0.04107
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2018/12/20 12:00 a.m. | 6 views

The vulnerability in the Ghostscript software for processing, transforming, and generating documents is related to implementation errors in security checks for standard elements. This allows an attacker to circumvent security restrictions.

The vulnerability in the Ghostscript software for processing, transforming, and generating documents is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...

CVSS 5.3 | AI score 7.4 | EPSS 0.07825
Exploits 0 | References 4 | Affected Software 2
Github Security Blog
added 2018/11/21 10:21 p.m. | 42 views

SimpleMDE XSS Vulnerability

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...

CVSS 6.1 | AI score 5.8 | EPSS 0.00788
Exploits 1 | References 3 | Affected Software 1
OSV
added 2018/11/21 9:29 p.m. | 33 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

CVSS 3.8 | AI score 6.7
Exploits 0 | References 1
Cvelist
added 2018/11/21 9:00 p.m. | 20 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

AI score 5.5 | EPSS 0.00777
Exploits 1 | References 1
Ubuntu
added 2018/11/16 12:53 a.m. | 142 views

USN-3824-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

CVSS 8.3 | AI score 7 | EPSS 0.07215
Exploits 2
Veracode
added 2018/11/09 2:29 p.m. | 12 views

Cross-site Scripting (XSS)

primefaces is vulnerable to a cross-site scripting (XSS) attack. The library does not properly escape HTML elements, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6
Exploits 0