Holder can generate proof of ownership for credentials it does not control in vp-toolkit

Impact The verifyVerifiablePresentation method check the cryptographic integrity of the Verifiable Presentation, but it does not check if the credentialSubject.id DID matches the signer of the VP proof. The verifier is impacted by this vulnerability. Patches Patch will be available in version...

discord-html not escaping HTML code blocks when lacking a language identifier

Impact Any website using discord-markdown with user-generated markdown is vulnerable to having code injected into the page where the markdown is displayed. Patches This has been patched in version 2.3.1 Workarounds Escape the characters & before sending plain code blocks to discord-markdown...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5642531954229248 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash...

PowerDNS Authoritative Server 4.x < 4.2.0 DoS Vulnerability

PowerDNS Authoritative Server is prone to a denial of service DoS vulnerability when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

graphite.composer.views.send_email vulnerable to SSRF

Impact sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and the...

Loofah -- XSS vulnerability

GitHub issue: This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported by https://hackerone.com/vxhex In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

Cross-Site Scripting

Overview All versions of hexo-admin are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts. Recommendation No fix is currently available. Consider...

CVE-2019-17401

libyal liblnk 20191006 has a heap-based buffer over-read in the networksharenameoffset20 code block of liblnklocationinformationreaddata in liblnklocationinformation.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue...

CVE-2019-17401

libyal liblnk 20191006 has a heap-based buffer over-read in the networksharenameoffset20 code block of liblnklocationinformationreaddata in liblnklocationinformation.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue...

CVE-2019-17401

libyal liblnk 20191006 has a heap-based buffer over-read in the networksharenameoffset20 code block of liblnklocationinformationreaddata in liblnklocationinformation.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue...

CVE-2019-17401

libyal liblnk 20191006 has a heap-based buffer over-read in the networksharenameoffset20 code block of liblnklocationinformationreaddata in liblnklocationinformation.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue...

CVE-2019-17264

In libyal liblnk before 20191006, liblnklocationinformationreaddata in liblnklocationinformation.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue...

CVE-2019-17263

In libyal libfwsi before 20191006, libfwsiextensionblockcopyfrombytestream in libfwsiextensionblock.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed thi...

CVE-2019-17264

In libyal liblnk before 20191006, liblnklocationinformationreaddata in liblnklocationinformation.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue...

CVE-2019-17263

In libyal libfwsi before 20191006, libfwsiextensionblockcopyfrombytestream in libfwsiextensionblock.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed thi...

Cross-Site Scripting

Overview Versions of @novnc/novnc prior to 0.6.2 are vulnerable to Cross-Site Scripting XSS. The package fails to validate input from the remote VNC server such as the VNC server name. This allows an attacker in control of the remote server to execute arbitrary JavaScript in the noVNC web page. I...

Cross-Site Scripting

Overview All versions of mavon-editor are vulnerable to Cross-Site Scripting. The package fails to sanitize entered input, allowing attackers to execute arbitrary JavaScript in a victim's browser. Recommendation No fix is currently available. Consider using an alternative package until a fix is...

Cross-Site Scripting

Overview Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary...

Regular Expression Denial of Service

Overview Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service ReDoS. The SimpleMarkdown.defaultInlineParse function has significantly degraded performance when parsing inline code blocks. Recommendation Upgrade to version 0.5.2 or later. References -...

Command Injection

Overview All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. Recommendation No fix is...