Positive Technologies · added 2022/04/10 12:00 a.m. · 2 views

PT-2022-5409 · Owasp · Owasp Antisamy

Name of the Vulnerable Software and Affected Versions: OWASP AntiSamy versions prior to 1.6.7. Description: The issue is related to the incorrect encoding of Cascading Style Sheets (CSS) content, allowing for HTML tag smuggling on STYLE content with crafted input. This can lead to cross-site scripti...

CVSS 6.4 · AI score 6.2 · EPSS 0.00243 · Exploits 0 · References 13
ATTACKERKB · added 2022/04/04 4:15 p.m. · 3 views

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

CVSS 6.1 · AI score 6.3 · EPSS 0.00211 · Exploits 4 · References 3
OSV · added 2022/02/16 1:15 a.m. · 2 views

ALPINE-CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

CVSS 9.8 · AI score 6.9 · EPSS 0.11027 · Exploits 0 · References 1
Cvelist · added 2021/12/14 5:49 p.m. · 13 views

CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed when the injected content...

AI score 9.7 · EPSS 0.00607 · Exploits 0 · References 2
OpenVAS · added 2021/06/09 12:00 a.m. · 31 views

SUSE: Security Advisory (SUSE-SU-2019:0496-1)

The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)

CVSS 6.8 · AI score 6.8 · EPSS 0.53643 · Exploits 9 · References 2
CNVD · added 2021/03/22 12:00 a.m. · 8 views

WordPress WP Customer Reviews Cross-Site Scripting Vulnerability

WordPress WP Customer Reviews is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the WP Customer Reviews WordPress plugin versions prior to 3.4.3. The vulnerability stems from the program not properly validating input and not encoding output. An attacker...

CVSS 6.1 · AI score 5.9 · EPSS 0.00179 · Exploits 2 · References 1
Positive Technologies · added 2020/10/16 12:00 a.m. · 3 views

PT-2020-20862 · Apple · Itunes For Windows +7

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6, iPadOS versions prior to 13.6, tvOS versions prior to 13.4.8, watchOS versions prior to 6.2.8, Safari versions prior to 13.1.2, iTunes for Windows versions prior to 12.10.8, iCloud for Windows versions prior to 11.3, and...

CVSS 5.3 · AI score 5.5 · EPSS 0.00526 · Exploits 0 · References 8
CNVD · added 2020/07/22 12:00 a.m. · 1 view

GNU LibreDWG Resource Management Error Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A resource management error vulnerability exists in the 'dwg_encode_LWPOLYLINE' function of the dwg.spec file in GNU LibreDWG version 0.9.3 and earlier. The vulnerability stems from mismanagement of system resources, e.g., memory,...

CVSS 7.5 · AI score 7 · EPSS 0.00336 · Exploits 1 · References 1
Tenable Nessus · added 2020/07/09 12:00 a.m. · 35 views

Debian DLA-2273-1 : shiro security update

It was discovered that there were two issues in shiro, a security framework for Java applications: - CVE-2020-1957: Fix a path-traversal issue where a specially crafted request could cause an authentication bypass. - CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous...

CVSS 9.8 · AI score 8.1 · EPSS 0.88599 · Exploits 1 · References 4
Debian · added 2020/07/08 2:55 p.m. · 37 views

[SECURITY] [DLA 2273-1] shiro security update

Package: shiro. Version: 1.3.2-1+deb9u1. CVE IDs: CVE-2020-1957, CVE-2020-11989. Debian Bug: 955018. It was discovered that there were two issues in shiro, a security framework for Java applications: CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an...

CVSS 9.8 · AI score 9.8 · EPSS 0.88599 · Exploits 1
Snyk · added 2020/05/17 2:09 p.m. · 2 views

HTTP Request Smuggling

Overview: meinheld is a high performance asynchronous Python WSGI web server. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer-Encoding header parsing. It i...

CVSS 8.2 · AI score 6.2 · EPSS 0.00238 · Exploits 0 · References 2
Kaspersky · added 2019/07/09 12:00 a.m. · 79 views

KLA11515 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting attacks, spoof the user interface, obtain sensitive information, and execute arbitrary code. Below is a complete...

CVSS 9.8 · AI score 10 · EPSS 0.18406 · Exploits 7 · References 3
OSV · added 2019/06/17 3:30 p.m. · 15 views

SUSE-SU-2019:1524-1 Security update for openssh

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). -...

CVSS 6.8 · AI score 6.7 · EPSS 0.53643 · Exploits 9 · References 9
OSV · added 2019/04/25 8:34 a.m. · 12 views

SUSE-SU-2019:14030-1 Security update for openssh

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). -...

CVSS 6.8 · AI score 6.7 · EPSS 0.53643 · Exploits 9 · References 9
OSV · added 2019/04/11 2:06 p.m. · 13 views

SUSE-SU-2019:14016-1 Security update for openssh

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). -...

CVSS 6.8 · AI score 6.7 · EPSS 0.53643 · Exploits 9 · References 9
OSV · added 2019/03/23 11:09 a.m. · 10 views

OPENSUSE-SU-2019:0307-1 Security update for openssh

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) -...

CVSS 6.8 · AI score 6.8 · EPSS 0.53643 · Exploits 9 · References 6
OSV · added 2019/02/26 3:43 p.m. · 13 views

SUSE-SU-2019:0496-1 Security update for openssh

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) -...

CVSS 6.8 · AI score 6.7 · EPSS 0.53643 · Exploits 9 · References 6
OSV · added 2019/01/31 6:29 p.m. · 1 view

DEBIAN-CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8 · AI score 6.8 · EPSS 0.09738 · Exploits 0 · References 1
Microsoft KB · added 2018/07/17 12:00 a.m. · 3 views

June 21, 2018—KB4284863 (Preview of Monthly Rollup)

June 21, 2018: KB4284863 (Preview of Monthly Rollup). Improvements and fixes: This nonsecurity update includes improvements and fixes that were a part of KB 4284815 (released June 12, 2018) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates the...

AI score 6.9 · Exploits 0
CNVD · added 2018/05/31 12:00 a.m. · 1 view

sequelize SQL Injection Vulnerability

sequelize is a database ORM (Object Relational Mapping) tool for Node.js. An SQL injection vulnerability exists in sequelize 3.19.3 and earlier versions, which originates when the program uses an array as a string and fails to encode it correctly. The vulnerability can be exploited to remove IDs wi...

CVSS 7.5 · AI score 7.9 · EPSS 0.0022 · Exploits 1 · References 1