10 matches found
hibernate-validator Cross-site Scripting vulnerability
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
SUSE CVE-2015-4480
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding...
[SECURITY] Fedora 36 Update: geos-3.10.2-4.fc36
GEOS Geometry Engine - Open Source is a C++ port of the Java Topology Suite JTS. As such, it aims to contain the complete functionality of JTS in C++. This includes all the OpenGIS "Simple Features for SQL" spatial predicate functions and spatial operators, as well as specific JTS topology...
OSV-2020-2247 Stack-buffer-overflow in ot::MeshCoP::ChannelMaskEntryBase::GetEntrySize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28315 Crash type: Stack-buffer-overflow READ 1 Crash state: ot::MeshCoP::ChannelMaskEntryBase::GetEntrySize ot::MeshCoP::ChannelMaskEntryBase::GetNext ot::MeshCoP::ChannelMaskBaseTlv::IsValid...
UBUNTU-CVE-2019-13032
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not Sigil that uses FlightCrew as a library...
Eclipse Vert.xXML External Entity Injection Vulnerability
Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM , which is mainly used to build applications such as network utilities , Web applications , HTTP/REST microservices and so on. An XML external entity injection vulnerability exists in the 'isValid'...
Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding...