5 matches found

CVE
added 2024/06/10 9:29 p.m., 45 views

CVE-2024-37166

CVE-2024-37166 affects the ghtml template engine. It enables user-controlled JavaScript execution in some render paths, i.e., an XSS risk. Version 2.0.0 adds mitigations by escaping HTML-special characters and the backtick, but the advisory states this does not provide comprehensive XSS protectio...

CVSS 8.9, AI score 7.9, EPSS 0.00213
Exploits: 0, References: 2
OSV
added 2023/10/17 8:54 p.m., 2 views

CLSA-2023-1697576053 Fix CVE(s): CVE-2023-4504

SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2023-4504.patch: check for end of buffer if there is an escaped character - CVE-2023-4504...

CVSS 7, AI score 5.9, EPSS 0.00035
Exploits: 2, References: 1
OSV
added 2023/03/31 5:15 p.m., 1 views

DEBIAN-CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

CVSS 9.8, AI score 7.5, EPSS 0.27763
Exploits: 1, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Netgear FM114P Wireless Firewall File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6807/info Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the...

AI score 7.1
Exploits: 0
Prion
added 2012/01/10 9:55 p.m., 14 views

Cross site scripting

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass...

CVSS 4.3, AI score 5.5, EPSS 0.59659
Exploits: 0, References: 7, Affected Software: 1