5254 matches found
PYSEC-2019-1
aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...
UBUNTU-CVE-2019-1000007
aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...
Mozilla: Use-after-free parsing HTML5 stream
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...
Mozilla: Use-after-free parsing HTML5 stream
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...
Mozilla: Use-after-free parsing HTML5 stream
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...
UBUNTU-CVE-2018-18500
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...
Malicious Package
stream-combine is a malicious package designed to steal user's data when installed. The code searches all form elements for passwords, credit card numbers and CVC codes, and uploads the information to a remote server using HTML links embedded in the page or form actions...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 72 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 72.0.3626.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Malicious Package
Overview Version 2.0.2 of stream-combine has malicious code design to steal credentials and credit card information. The code searches all form elements for passwords, credit card numbers and CVC codes. It then uploads the information to a remote server using HTML links embedded in the page or fo...
Denial Of Service (DoS)
thunderbird is vulnerable to denial of service DoS attacks. The vulnerability exists as an out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data...
CVE-2018-4278
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking...
Debian DSA-4364-1 : ruby-loofah - security update
It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Sanitize Input Validation Vulnerability
Sanitize Ruby is a whitelist-based HTML and CSS cleanup program. The program removes non-standard HTML and CSS from strings, etc. An input validation vulnerability exists in Sanitize Ruby version 4.6.0 and earlier. A remote attacker can exploit this vulnerability by applying unwhitelisted...
The vulnerability of the Kubernetes cluster management software lies in the lack of measures to neutralize special elements used in teams, allowing a hacker to execute arbitrary operating system commands.
The vulnerability of the Kubernetes cluster management software relates to the lack of measures taken to neutralize special elements used in operating systems’ commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...
The vulnerability of the software for processing, transforming, and generating documents using Ghostscript is related to implementation errors in security checks for standard elements. This allows a perpetrator to circumvent security restrictions.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...
SimpleMDE XSS Vulnerability
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...
CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...
CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
Cross-site Scripting (XSS)
primefaces is vulnerable to a cross-site scripting XSS attack. The library does not properly escape HTML elements, allowing a malicious user to inject and execute arbitrary Javascript...