GSD-2022-1000183 udf: Fix NULL ptr deref when converting from inline format

udf: Fix NULL ptr deref when converting from inline format This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.96 by commit...

GSD-2022-1000148 udf: Fix NULL ptr deref when converting from inline format

udf: Fix NULL ptr deref when converting from inline format This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.176 by commit...

Cross-site Scripting in markdown-it-highlightjs

This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. js const markdownItHighlightjs = require"markdown-it-highlightjs"; const md = require'markdown-it'; const...

GHSA-F246-XRRJ-G8J6 Cross-site Scripting in markdown-it-highlightjs

This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. js const markdownItHighlightjs = require"markdown-it-highlightjs"; const md = require'markdown-it'; const...

Rocky Linux 8 : firefox (RLSA-2021:3157)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3157 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash. This...

GHSA-5V2H-R2CX-5XGJ Inefficient Regular Expression Complexity in marked

Impact What kind of vulnerability is it? Denial of service. The regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings. PoC is the following. javascript import as marked from 'marked'; console.logmarked.parsex: x \\; Who is impacted? Anyone who runs...

PT-2022-7077 · Marked +1 · Marked +1

Name of the Vulnerable Software and Affected Versions: Marked versions prior to 4.0.10 Description: The issue is related to a denial of service caused by the regular expression inline.reflinkSearch potentially leading to catastrophic backtracking against some strings. This can affect anyone who...

Mozilla: Browser window spoof using fullscreen mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...

PT-2025-8362 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been identified, which can cause a kernel panic. The issue arises when the inline dots flag is set in a special file, such as a character, block...

CVE-2021-43856

Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...

Wiki.js 跨站脚本漏洞

Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. Requarks Wiki.js suffers from a cross-site scripting vulnerability that stems from a stored cross-site scripting attack that could be performed by a malicious Wiki.js...

CVE-2021-43827 Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes

discourse-footnote is a library providing footnotes for posts in Discourse. Impact When posting an inline footnote wrapped in tags e.g. ^footnote, the resulting rendered HTML would include a nested , which is stripped by Nokogiri because it is not valid. This then caused a javascript error on top...

Unsafe inline XSS in pasting DOM element into chat

Impact Inline scripts are executed when Javascript is parsed via a paste action. 1. Open https://watch.owncast.online/ 2. Copy and then paste into the chat field. 3. An alert should pop up. Patches ⋮ 13 │ // Content security policy ⋮ 14 │ csp := string ⋮ 15 │ "script-src 'self'...

Buffer overflow

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...

PT-2021-22441 · Owncast · Owncast

Name of the Vulnerable Software and Affected Versions: Owncast versions prior to 0.0.9 Description: The issue concerns the execution of inline scripts when Javascript is parsed via a paste action in the chat server. This can lead to the execution of malicious scripts. The problem is resolved by...

Grafana Information Disclosure Vulnerability (CNVD-2021-101998)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, etc. An information disclosure vulnerability exists in Grafana Agent versions 0.20.1 and earlier an...

Instance config inline secret exposure in Grafana

Impact Some inline secrets are exposed in plaintext over the Grafana Agent HTTP server: Inline secrets for metrics instance configs in the base YAML file are exposed at /-/config Inline secrets for integrations are exposed at /-/config Inline secrets for Consul ACL tokens and ETCD basic auth when...

CVE-2021-41090

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVE-2021-41090

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

Authentication flaw

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...