Lucene search
K

77 matches found

fedora
fedora
added 2020/09/25 5:47 p.m.28 views

[SECURITY] Fedora 31 Update: libxml2-2.9.10-4.fc31

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

6.5CVSS0.5AI score0.03672EPSS
Exploits1
fedora
fedora
added 2020/09/25 5:19 p.m.45 views

[SECURITY] Fedora 33 Update: libxml2-2.9.10-7.fc33

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

6.5CVSS0.5AI score0.03672EPSS
Exploits1
fedora
fedora
added 2020/09/16 2:44 p.m.59 views

[SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5CVSS0.5AI score0.07836EPSS
Exploits1
nessus
nessus
added 2020/06/12 12:0 a.m.29 views

Dotnetnuke 5.0.x < 9.6.1 (09.06.01)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 5.0.x prior to 9.6.1. It is, therefore, affected by a vulnerability. - The maintainers of jQuery published version 3.5.0 with a security fix included regarding HTML manipulation. Fixes for this...

5.6AI score
Exploits0References1
openvas
openvas
added 2020/05/05 12:0 a.m.253 views

jQuery 1.0.3 < 3.5.0 XSS Vulnerability

jQuery is prone to a cross-site scripting XSS vulnerability when appending HTML containing option elements. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.9CVSS7.1AI score0.8383EPSS
Exploits6References6
fedora
fedora
added 2020/04/30 2:51 a.m.32 views

[SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5CVSS0.5AI score0.07836EPSS
Exploits0
osv
osv
added 2020/04/29 10:19 p.m.300 views

GHSA-JPCQ-CGW6-V4J6 Potential XSS vulnerability in jQuery

Impact Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround this issue without...

6.9CVSS7.2AI score0.8383EPSS
Exploits6References121
osv
osv
added 2020/04/29 10:15 p.m.39 views

CVE-2020-11022

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.1CVSS6.8AI score0.99019EPSS
Exploits7References71
ptsecurity
ptsecurity
added 2020/04/29 12:0 a.m.12 views

PT-2020-4638

Name of the Vulnerable Software and Affected Versions jQuery versions 1.2 through 3.5.0 Description The issue is related to the execution of untrusted code when passing HTML from untrusted sources to jQuery's DOM manipulation methods, such as .html, .append, and others, even after sanitizing the...

8.6CVSS7.5AI score0.99019EPSS
Exploits7References361
ptsecurity
ptsecurity
added 2020/04/29 12:0 a.m.11 views

PT-2020-4421

Name of the Vulnerable Software and Affected Versions: jQuery versions 1.0.3 through 3.4.1 Description: The issue arises from insufficient cleaning of user-provided data when passing HTML elements to jQuery's DOM manipulation methods, such as .html and .append. This can allow an attacker to execu...

7.5CVSS7.5AI score0.99019EPSS
Exploits30References403
ubuntucve
ubuntucve
added 2020/04/15 8:15 p.m.40 views

CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo...

7.5CVSS6.7AI score0.03935EPSS
Exploits0References7
zdi
zdi
added 2020/03/12 12:0 a.m.40 views

(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaom...

5.5CVSS2.9AI score0.013EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2019/12/03 12:0 a.m.7 views

The vulnerability of the Secure/Multipurpose Internet Mail Extentions (S/MIME) and PGP email client Thunderbird functions allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Secure/Multipurpose Internet Mail Extentions S/MIME and PGP email client Thunderbird lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through...

7.8CVSS6.6AI score0.02469EPSS
Exploits0References12Affected Software6
nvd
nvd
added 2019/06/03 7:29 p.m.30 views

CVE-2019-6741

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must connect to a wireless...

9.3CVSS7.4AI score0.03225EPSS
Exploits0References1
prion
prion
added 2019/06/03 7:29 p.m.17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must connect to a wireless...

5.8CVSS9.2AI score0.03225EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/06/03 6:15 p.m.33 views

CVE-2019-6741

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must connect to a wireless...

6.5CVSS9.3AI score0.03225EPSS
Exploits0References1
cve
cve
added 2019/06/03 6:15 p.m.70 views

CVE-2019-6741

CVE-2019-6741 affects Samsung Galaxy S9 devices. The vulnerability exists in the captive portal and can be triggered when a user connects to a wireless network. By manipulating HTML in the portal, an attacker can force a page redirection, allowing remote code execution in the context of the targe...

9.3CVSS9.3AI score0.03225EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2019/05/15 12:0 a.m.237 views

EulerOS Virtualization 3.0.1.0 : libxml2 (EulerOS-SA-2019-1559)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs...

7.5CVSS7AI score0.03681EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2019/03/05 12:0 a.m.9 views

PT-2019-18301 · Samsung · Samsung Galaxy S9

Name of the Vulnerable Software and Affected Versions: Samsung Galaxy S9 versions prior to January 2019 Security Update Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must connect to a wireless...

9.3CVSS7AI score0.03225EPSS
Exploits0References2
fedora
fedora
added 2018/11/28 2:43 a.m.30 views

[SECURITY] Fedora 29 Update: rubygem-loofah-2.2.3-1.fc29

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization XSS prevention. It includes some nice HTML sanitizers, which are based on HTML5lib's...

5.4CVSS0.7AI score0.0091EPSS
Exploits0
Rows per page
Query Builder