77 matches found
[SECURITY] Fedora 31 Update: libxml2-2.9.10-4.fc31
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
[SECURITY] Fedora 33 Update: libxml2-2.9.10-7.fc33
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
[SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Dotnetnuke 5.0.x < 9.6.1 (09.06.01)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 5.0.x prior to 9.6.1. It is, therefore, affected by a vulnerability. - The maintainers of jQuery published version 3.5.0 with a security fix included regarding HTML manipulation. Fixes for this...
jQuery 1.0.3 < 3.5.0 XSS Vulnerability
jQuery is prone to a cross-site scripting XSS vulnerability when appending HTML containing option elements. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
[SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
GHSA-JPCQ-CGW6-V4J6 Potential XSS vulnerability in jQuery
Impact Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround this issue without...
CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
PT-2020-4638
Name of the Vulnerable Software and Affected Versions jQuery versions 1.2 through 3.5.0 Description The issue is related to the execution of untrusted code when passing HTML from untrusted sources to jQuery's DOM manipulation methods, such as .html, .append, and others, even after sanitizing the...
PT-2020-4421
Name of the Vulnerable Software and Affected Versions: jQuery versions 1.0.3 through 3.4.1 Description: The issue arises from insufficient cleaning of user-provided data when passing HTML elements to jQuery's DOM manipulation methods, such as .html and .append. This can allow an attacker to execu...
CVE-2019-12520
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo...
(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaom...
The vulnerability of the Secure/Multipurpose Internet Mail Extentions (S/MIME) and PGP email client Thunderbird functions allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Secure/Multipurpose Internet Mail Extentions S/MIME and PGP email client Thunderbird lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through...
CVE-2019-6741
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must connect to a wireless...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must connect to a wireless...
CVE-2019-6741
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must connect to a wireless...
CVE-2019-6741
CVE-2019-6741 affects Samsung Galaxy S9 devices. The vulnerability exists in the captive portal and can be triggered when a user connects to a wireless network. By manipulating HTML in the portal, an attacker can force a page redirection, allowing remote code execution in the context of the targe...
EulerOS Virtualization 3.0.1.0 : libxml2 (EulerOS-SA-2019-1559)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs...
PT-2019-18301 · Samsung · Samsung Galaxy S9
Name of the Vulnerable Software and Affected Versions: Samsung Galaxy S9 versions prior to January 2019 Security Update Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must connect to a wireless...
[SECURITY] Fedora 29 Update: rubygem-loofah-2.2.3-1.fc29
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization XSS prevention. It includes some nice HTML sanitizers, which are based on HTML5lib's...