911 matches found
PT-2020-13540 · FFmpeg · Ffjpeg
Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2020-02-24 Description: The issue is related to an invalid read in the jfif encode function located in jfif.c. Recommendations: For versions prior to 2020-02-24, at the moment, there is no information about a newer...
U.S. Dept Of Defense: RXSS - https://████████/
Hello All I Found RXSS in your OWN Website Steps To Reproduce Go to Those Links. https://██████/A'onerror=%22alert%601%60%22testabcd/ Browsers I test them on Firefox and Google Chrome. Fix:- Filter input on arrival Encode data on output Use appropriate response headers Content Security Policy...
exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...
exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...
Cross-Site Scripting (XSS)
markdown2 is vulnerable to cross-site scripting XSS attacks. The vulnerability is introduced by an incomplete fix to properly encode ampersands and angle brackets in the function encodeampsandangles,allowing an attacker to inject arbitrary Javascript into a victim's browser...
EulerOS Virtualization 3.0.2.2 : perl (EulerOS-SA-2020-1476)
According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-depende...
ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions coders/tiff.c, which results in a hang tens of minutes with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...
ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c
A memory leak was discovered in ImageMagick in function Huffman2DEncodeImage in ps2.c. An application that uses ImageMagick to parse PS2 images may be vulnerable to this flaw and crash due to some memory that is never freed...
DEBIAN-CVE-2020-7212
The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...
UBUNTU-CVE-2020-7212
The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...
PYSEC-2020-149
The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...
Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them CVE-2019-10785...
PT-2020-5140 · Python +1 · Urllib3 +1
Name of the Vulnerable Software and Affected Versions: urllib3 library versions 1.25.2 through 1.25.7 Description: The issue is related to an inefficient algorithm in the encode invalid chars function, which can lead to a denial of service due to CPU consumption. This happens because the percent...
UBUNTU-CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them...
CVE-2019-10785
CVE-2019-10785 affects the Dojo/Dojox component, where dojox.xmpp.util.xmlEncode only encodes the first occurrence of each character, enabling cross-site scripting in affected Dojo versions prior to 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. The connected IBM and Nessus entries corroborat...
Cross-site Scripting (XSS)
Overview dojox is a dojo extension, a rollup of many useful sub-projects and varying states of maturity, from very stable and robust, to alpha and experimental. Affected versions of this package are vulnerable to Cross-site Scripting XSS. dojox.xmpp.util.xmlEncode only encodes the first occurrenc...
DEBIAN-CVE-2014-9629
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value...
CVE-2014-9629
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value...
UBUNTU-CVE-2014-9629
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value...
Integer overflow
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value...