13 matches found
Improper Validation of Syntactic Correctness of Input
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in token.go, which incorrectly interprets tags as closing tags, allowing...
CVE-2020-26310 GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser
Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, it is unknown if any patches are available...
CVE-2020-26310 GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser
Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, it is unknown if any patches are available...
Mageia: Security Advisory (MGASA-2018-0399)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2018-0399 Updated calibre packages fix security vulnerability
Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Updated calibre packages fix security vulnerability
Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Mozilla: Use-after-free in HTML5 string parser (MFSA 2016-23)
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...
DEBIAN-CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...
CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...
Integer overflow
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...
CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...
CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...
UBUNTU-CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...