522 matches found
PT-2018-13880 · Go · Html Package
Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions prior to 2018-07-13 Description: The issue is related to the HTML parser mishandling "in frameset" insertion mode. This can lead to a panic when parsing malformed HTML that contains tags, potentially...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Updated lynx package fixes security vulnerability
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself. CVE-2017-1000211...
MGASA-2017-0451 Updated lynx package fixes security vulnerability
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself. CVE-2017-1000211...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
Lynx 'HTML.c:HTML_put_string()' memory misreference vulnerability
Lynx is a text-only web browser. html parser is one of the HTML parsers. A memory misreference vulnerability exists in Lynx 'HTML.c:HTMLputstring'. An attacker could exploit this vulnerability to cause a memory leak...
Debian DLA-1175-1 : lynx-cur security update
It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure. For Debian 7 'Wheezy', this issue has been fixed in lynx-cur version 2.8.8dev.12-2+deb7u2. We recommend that you...
[SECURITY] [DLA 1175-1] lynx-cur security update
Package : lynx-cur Version : 2.8.8dev.12-2+deb7u2 CVE ID : CVE-2017-1000211 It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure. For Debian 7 "Wheezy", this issue has bee...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
Design/Logic Flaw
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
UBUNTU-CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
DEBIAN-CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
CVE-2017-1000211
CVE-2017-1000211 affects Lynx up to 2.8.9dev.16, where a use-after-free in the HTML parser (HTML_put_string) can lead to memory disclosure. The issue is triggered by the parser potentially appending a chunk to itself, enabling memory disclosure on affected builds. Reported in multiple advisories ...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself...
Cloudflare CTO Goes Inside the Cloudbleed Bug
MADRID—John Graham-Cumming presided over a confessional Wednesday at Virus Bulletin 2017. Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug, which leaked memory from the content delivery network that included internal private keys and authentication...
libxml2 Denial of Service Vulnerability (CNVD-2017-07341)
Libxml2 is an XML C parser and toolkit developed for the Gnome project but available outside of the Gnome platform, and it is free software under the MIT license. A denial of service vulnerability exists in the htmlParseTryOrFinish function in HTMLparser.c in libxml2. A remote attacker could...
UBUNTU-CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service buffer over-read or information disclosure...