6667 matches found
GHSA-7889-RM5J-HPGG Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Affected packages: The vulnerability has been discovered in the clipboard plugin. All plugins with a clipboard plugin dependency are affected: clipboard, pastetext, pastetools, widget, uploadwidget, autolink, tableselection. Impact: A potential vulnerability has been discovered in the CKEditor 4 Clipboard package...
WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection
The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. The feature is available to low-privilege users such as contributors. PoC: POST /wp-admin/admin.php?page=wpagecontact-plugin...
MicroCopy <= 1.1.0 - Authenticated SQL Injection
The edit functionality in the plugin makes a GET request to fetch the related option. The id parameter used is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. PoC: GET...
Cross-Site Scripting (XSS)
ckeditor is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the paste functionality...
OPENSUSE-SU-2021:2788-1 Security update for go1.16
This update for go1.16 fixes the following issues: Update to go1.16.7: - go47473 net/http: panic due to racy read of persistConn after handler panic CVE-2021-36221 bsc1189162 - go47348 cmd/go: 'go list -f '.Stale'' stack overflow with cyclic imports - go47332 time: Timer reset broken under heavy...
[SECURITY] Fedora 33 Update: libtpms-0.8.4-2.20210624gita594c4692a.fc33
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64077)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64084)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
[SECURITY] Fedora 34 Update: libtpms-0.8.4-2.20210624gita594c4692a.fc34.0
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
CVE-2021-25957
In the “Dolibarr” application, versions v2.8.1 to v13.0.2 are vulnerable to account takeover via the password reset functionality. A low-privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requesting a forgotten password...
OPENSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 bsc1188846 - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld...
Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability
Summary: A memory corruption vulnerability exists in the ISO parsing functionality of Disc Soft Ltd Daemon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions: Disc Soft...
CVE-2021-38756
Persistent cross-site scripting (XSS) in Hospital Management System, targeted at the web admin through prescribe.php...
CVE-2021-32809 Arbitrary HTML injection vulnerability in ckeditor
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 Clipboard package. The vulnerability allowed an attacker to abuse the paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...
CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the Clipboard Widget plugin when used alongside the undo feature. The vulnerability allows a user to abuse the undo functionality using malformed widget HTML, which could result in executing...
CVE-2020-28589
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Input validation
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-28589
CVE-2020-28589 affects tinyobjloader, specifically the LoadObj functionality in v2.0-rc1 and the development commit 79d4421. Affected component/function/file: LoadObj; root cause: improper array index validation. Impact per sources: could lead to code execution upon processing a specially crafted...