
11 matches found

Github Security Blog
added 2024/11/07 12:30 p.m. | 19 views

hibernate-validator Cross-site Scripting vulnerability

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

CVSS 6.1 | AI score 6.3 | EPSS 0.00452
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2024/11/07 10:15 a.m. | 35 views

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

CVSS 6.1 | EPSS 0.00452
Exploits: 0 | References: 2

OSV
added 2024/11/07 10:15 a.m. | 28 views

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

CVSS 6.1 | AI score 6.2 | EPSS 0.00452
Exploits: 0 | References: 2

RedhatCVE
added 2024/02/08 12:33 p.m. | 76 views

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

CVSS 6.1 | AI score 6.8 | EPSS 0.00452
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:18 a.m. | 3 views

SUSE CVE-2015-4480

Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding...

CVSS 9.3 | AI score 9.5 | EPSS 0.05715
Exploits: 0 | References: 5

Fedora
added 2022/03/26 3:34 p.m. | 13 views

[SECURITY] Fedora 36 Update: geos-3.10.2-4.fc36

GEOS Geometry Engine - Open Source is a C++ port of the Java Topology Suite JTS. As such, it aims to contain the complete functionality of JTS in C++. This includes all the OpenGIS "Simple Features for SQL" spatial predicate functions and spatial operators, as well as specific JTS topology...

AI score 3.6
Exploits: 0

OSV
added 2020/12/06 12:0 a.m. | 13 views

OSV-2020-2247 Stack-buffer-overflow in ot::MeshCoP::ChannelMaskEntryBase::GetEntrySize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28315
Crash type: Stack-buffer-overflow READ 1
Crash state: ot::MeshCoP::ChannelMaskEntryBase::GetEntrySize ot::MeshCoP::ChannelMaskEntryBase::GetNext ot::MeshCoP::ChannelMaskBaseTlv::IsValid...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2019/06/28 12:0 a.m. | 1 views

UBUNTU-CVE-2019-13032

An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software (not Sigil) that uses FlightCrew as a library...

CVSS 5.5 | AI score 6.2 | EPSS 0.0101
Exploits: 0 | References: 5

CNVD
added 2018/10/12 12:0 a.m. | 1 views

Eclipse Vert.x XML External Entity Injection Vulnerability

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM, which is mainly used to build applications such as network utilities, Web applications, HTTP/REST microservices and so on. An XML external entity injection vulnerability exists in the 'isValid'...

CVSS 9.8 | AI score 7.4 | EPSS 0.02172
Exploits: 0 | References: 1

BDU FSTEC
added 2015/08/28 12:0 a.m. | 3 views

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of the stagefright::SampleTable::isValid function in Firefox and Firefox ESR browsers is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 9.3 | AI score 8.2 | EPSS 0.05715
Exploits: 0 | References: 3 | Affected Software: 2

RedHat Linux
added 2015/08/11 7:47 p.m. | 2 views

Mozilla: Overflow issues in libstagefright (MFSA 2015-83)

Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding...

CVSS 9.3 | AI score 7.8 | EPSS 0.05715
Exploits: 0 | References: 5