4132 matches found

vulnersOsv
added 2018/09/18 1:47 p.m. · 3 views

cyclejs-group (>=0.3.0 <=1.0.0), fetch-rancher-metadata (>=1.0.9 <=1.0.10) +1 more potentially affected by CVE-2018-3753 via merge-object (=1.0.0)

merge-object NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on merge-object and may be impacted: - cyclejs-group =0.3.0, =1.0.9, =1.0.0, =1.0.4 Source cves: CVE-2018-3753 Source advisory: OSV:GHSA-FP82-2H99-3FPP...

9.8 CVSS · 7.3 AI score · 0.00315 EPSS
Exploits 1

Prion
added 2018/09/13 12:29 a.m. · 15 views

Information disclosure

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge...

2.6 CVSS · 3.6 AI score · 0.15613 EPSS
Exploits 0 · References 3

CVE
added 2018/09/13 12:0 a.m. · 57 views

CVE-2018-8366

CVE-2018-8366 is an information disclosure vulnerability in Microsoft Edge tied to the Fetch API mis-handling a filtered response type. Root cause: Edge Fetch API incorrectly handles certain filtered response types, enabling an attacker to read the URL of a cross-origin request. Affected product/...

3.1 CVSS · 4.7 AI score · 0.15613 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2018/09/12 12:0 a.m. · 1 views

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-21205)

Edge is the default browser that comes with Microsoft's operating systems. Microsoft Edge suffers from an information disclosure vulnerability that stems from the Edge Fetch API failing to have proper handling of filtered response types. An attacker could exploit the vulnerability to read the URL...

3.1 CVSS · 3.8 AI score · 0.15613 EPSS
Exploits 0 · References 1

Microsoft CVE
added 2018/09/11 7:0 a.m. · 19 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that do not securely populate the URL with confidential information could...

4.3 CVSS · 0.7 AI score · 0.15613 EPSS
Exploits 0

OSV
added 2018/09/05 9:29 p.m. · 2 views

CVE-2018-16307

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name containing a random string is used...

7.5 CVSS · 5.9 AI score · 0.00285 EPSS
Exploits 3 · References 1

CNVD
added 2018/09/04 12:0 a.m. · 2 views

Xiaomi MIWiFi Xiaomi_55DD Resource Loading Vulnerability

Xiaomi MIWiFi Xiaomi55DD is a wireless router from the Chinese company Xiaomi. A security vulnerability exists in Xiaomi MIWiFi Xiaomi55DD version 2.8.50. An attacker can exploit this vulnerability to cause the application to retrieve the contents of arbitrary external URLs and return those...

7.5 CVSS · 6.9 AI score · 0.00285 EPSS
Exploits 3 · References 1

Prion
added 2018/09/03 12:29 a.m. · 17 views

Code injection

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...

4.3 CVSS · 5.2 AI score · 0.00462 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2018/09/03 12:29 a.m. · 1 views

DEBIAN-CVE-2018-16369

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...

5.5 CVSS · 6.3 AI score · 0.00462 EPSS
Exploits 1 · References 1

UbuntuCve
added 2018/09/03 12:29 a.m. · 17 views

CVE-2018-16369

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...

5.5 CVSS · 6.8 AI score · 0.00462 EPSS
Exploits 1 · References 2

CVE
added 2018/09/03 12:0 a.m. · 59 views

CVE-2018-16369

CVE-2018-16369 affects Xpdf 4.00 (XRef::fetch) where a crafted PDF can cause a stack DoS via AcroForm::scanField, as demonstrated by pdftohtml. The vulnerability is noted to possibly overlap CVE-2018-7453 (infinite recursion in AcroForm::scanField). Multiple advisories (e.g., Slackware SSA:2024-0...

5.5 CVSS · 5.1 AI score · 0.00462 EPSS
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2018/09/03 12:0 a.m. · 1 views

Xpdf Denial of Service Vulnerability (CNVD-2019-17490)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A denial of service vulnerability exists in XRef::fetch in Xpdf 4.00 in XRef.cc. A remote attacker can exploit this vulnerability to cause a denial of service stack consumption via a...

5.5 CVSS · 6 AI score · 0.00462 EPSS
Exploits 1 · References 1

Positive Technologies
added 2018/09/02 12:0 a.m. · 5 views

PT-2018-3976 · Xpdf +2

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.00 Description: The issue is related to errors in the code of the Xpdf software, specifically in the XRef::fetch function in XRef.cc. It allows remote attackers to cause a denial of service, which is a stack consumption, via a...

9.1 CVSS · 5.8 AI score · 0.01685 EPSS
Exploits 24 · References 69

Tenable Nessus
added 2018/08/21 12:0 a.m. · 34 views

Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities

Binary data 700331.prm...

10 CVSS · 7.3 AI score · 0.12063 EPSS
Exploits 3 · References 10

CNVD
added 2018/08/17 12:0 a.m. · 2 views

Yubico-Piv Buffer Overflow Vulnerability (CNVD-2018-16943)

Yubico-Piv is a tool for interacting with YubiKey's Identity Card PIV application. A buffer overflow vulnerability exists in the 'ykpivfetchobject' function in the lib/ykpiv.c file in Yubico-Piv version 1.5.0. The vulnerability can be exploited to execute malicious code via a specially crafted US...

4.6 CVSS · 6.2 AI score · 0.00147 EPSS
Exploits 1 · References 1

RedHat Linux
added 2018/07/30 3:10 p.m. · 3 views

chromium-browser: Cross origin information leak in Blink

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...

6.5 CVSS · 7.4 AI score · 0.00953 EPSS
Exploits 0 · References 5

OSV
added 2018/07/26 2:29 p.m. · 1 views

CVE-2018-1288

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 10

OSV
added 2018/07/23 11:29 p.m. · 0 views

CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

5.5 CVSS · 5.9 AI score · 0.00054 EPSS
Exploits 0 · References 1

RedhatCVE
added 2018/07/19 9:19 p.m. · 20 views

CVE-2018-14358

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field...

9.8 CVSS · 3 AI score · 0.01378 EPSS
Exploits 0 · References 2

OSV
added 2018/07/17 5:29 p.m. · 1 views

DEBIAN-CVE-2018-14358

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field...

9.8 CVSS · 8.2 AI score · 0.01378 EPSS
Exploits 0 · References 1