DEBIAN-CVE-2022-24839
org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by the Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...
Design/Logic Flaw
org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by the Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...
PT-2022-7276
Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.9.22.noko2. Description: The issue is related to uncontrolled resource consumption when parsing ill-formed HTML markup, which can lead to a java.lang.OutOfMemoryError exception. This can be exploited by a remote...
Chain ID Is Not Resistant To Hard Fork and Other Token Supports In The Oracle Contract
Lines of code · Vulnerability details · Impact: During the code review, it was observed that only the following chain IDs are supported for Chainlink: 1 and 42. The contracts are not upgradeable; therefore, if there is a hard fork or support for a new chain is needed, the contract must be deployed again with...
[SECURITY] Fedora 36 Update: python-pillow-9.0.1-5.fc36
Python image processing library, a fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (Tk interface), qt (PIL image wrapper for Qt), devel (developmen...
SQL Injection in Fork CMS
Fork CMS is vulnerable to SQL injection through the bulk action that marks blog comments as spam, in versions prior to 5.11.1...
GHSA-RR8M-29G8-8CGC SQL Injection in Fork CMS
Fork CMS is vulnerable to SQL injection through the bulk action that marks blog comments as spam, in versions prior to 5.11.1...
Sql injection
SQL injection through the bulk action that marks blog comments as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
GHSA-QF2G-Q4MC-W7RR Cross-site Scripting in Fork CMS
Fork CMS prior to 5.11.1 is vulnerable to stored cross-site scripting. When uploading a new module, the description of the module can contain JavaScript code. The JavaScript code may be executed after uploading the new module and looking at the Details page...
Cross-site Scripting in Fork CMS
Fork CMS prior to 5.11.1 is vulnerable to stored cross-site scripting. When uploading a new module, the description of the module can contain JavaScript code. The JavaScript code may be executed after uploading the new module and looking at the Details page...
SQL Injection in Fork CMS
Fork CMS contains a SQL injection vulnerability in versions prior to 5.11.1. When deleting submissions that belong to a form built with the FormBuilder module, the id parameter is vulnerable to SQL injection...
GHSA-Q863-CCHM-C6C6 SQL Injection in Fork CMS
Fork CMS contains a SQL injection vulnerability in versions prior to 5.11.1. When deleting submissions that belong to a form built with the FormBuilder module, the id parameter is vulnerable to SQL injection...
Sql injection
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1...
forkcms cross-site scripting vulnerability
Fork CMS (forkcms) is a content management system. A security vulnerability exists in forkcms prior to 5.11.1. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor's announcement...
GHSA-5W9C-RV96-FR7G Removal of functional code in faker.js
Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js CVE-2021-23567. The...
PT-2022-1780 · Gerbv
Name of the Vulnerable Software and Affected Versions: Gerbv version 2.7.0 and dev commit b5f1eacd; Gerbv forked version commit d7f42a9a. Description: An out-of-bounds read issue exists in the RS-274X aperture macro outline primitive functionality. This can be triggered by a specially-crafted Gerb...
golang: syscall: don't close fd 0 on ForkExec error
There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...
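The error-path pattern behind this entry, shown as an added Go illustration (not the Go standard library's own code): an `int` that is meant to hold a file descriptor has the zero value 0, and on Unix fd 0 is the process's stdin. If descriptor allocation fails before the array is filled, a cleanup that closes "whatever we allocated" closes stdin instead, which is why an attacker first exhausts descriptors and then triggers the failing call repeatedly. The `fdOps` indirection, `failingOps`, and the function names are assumptions made for this demo so the EMFILE path can be exercised without exhausting real descriptors or closing the real stdin.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// fdOps lets the demo substitute pipe(2) and close(2) so the failure path can
// be exercised without exhausting real descriptors or closing real stdin.
// (Assumed helper for this example, not part of the Go standard library.)
type fdOps struct {
	pipe  func(p []int) error
	close func(fd int) error
}

// realOps wires the demo to the actual system calls.
var realOps = fdOps{pipe: syscall.Pipe, close: syscall.Close}

// newPipeBuggy mirrors the shape of the flaw: p is a zero-valued array, so if
// pipe() fails before filling it, the cleanup closes p[0] == 0, i.e. stdin.
func newPipeBuggy(ops fdOps) (int, int, error) {
	var p [2]int // zero value: both entries are 0, which is a valid fd (stdin)
	if err := ops.pipe(p[:]); err != nil {
		ops.close(p[0]) // BUG: p[0] was never assigned; this closes fd 0
		ops.close(p[1]) // BUG: same for p[1]
		return -1, -1, err
	}
	return p[0], p[1], nil
}

// newPipeFixed initialises the slots to -1 and only closes descriptors that
// were actually handed to us, so a failed pipe() closes nothing.
func newPipeFixed(ops fdOps) (int, int, error) {
	p := [2]int{-1, -1} // sentinel: -1 is never a valid descriptor
	if err := ops.pipe(p[:]); err != nil {
		for _, fd := range p {
			if fd >= 0 {
				ops.close(fd)
			}
		}
		return -1, -1, err
	}
	return p[0], p[1], nil
}

// failingOps simulates descriptor exhaustion (EMFILE) and records every fd the
// code under test tries to close, instead of closing anything for real.
func failingOps() (fdOps, *[]int) {
	closed := &[]int{}
	ops := fdOps{
		pipe: func([]int) error { return syscall.EMFILE },
		close: func(fd int) error {
			*closed = append(*closed, fd)
			return nil
		},
	}
	return ops, closed
}

func main() {
	ops, closed := failingOps()
	_, _, err := newPipeBuggy(ops)
	fmt.Printf("buggy: EMFILE=%v closed fds=%v\n", errors.Is(err, syscall.EMFILE), *closed)

	ops, closed = failingOps()
	_, _, err = newPipeFixed(ops)
	fmt.Printf("fixed: EMFILE=%v closed fds=%v\n", errors.Is(err, syscall.EMFILE), *closed)

	// Success path against the real kernel: both ends are fresh descriptors.
	r, w, err := newPipeFixed(realOps)
	if err == nil {
		fmt.Printf("real pipe: r=%d w=%d\n", r, w)
		realOps.close(r)
		realOps.close(w)
	}
}
```

The same rule applies to any resource whose handle type has a meaningful zero value: initialise to an invalid sentinel, and on every error path release only what was actually acquired.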
PT-2022-7632 · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.26/5.16.12. Description: The issue is related to a race condition in the kernel's sched_fork() function, which can be exploited to gain elevated privileges on vulnerable systems. This occurs because a task is not place...
GHSA-VP4X-94FF-2CMV Cross-site scripting in forkcms
Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
Cross-site scripting in forkcms
Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...