Lucene search
K

10 matches found

OSV
OSV
added 2025/06/23 1:15 a.m.12 views

AZL-64317 CVE-2025-6497 affecting package tidy 5.8.0-6

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public an...

4.8CVSS4.6AI score0.00134EPSS
Exploits0References1
Mozilla
Mozilla
added 2025/04/29 12:0 a.m.27 views

Security Vulnerabilities fixed in Thunderbird 138 — Mozilla

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

9.1CVSS8AI score0.00538EPSS
Exploits0References11Affected Software1
Snyk
Snyk
added 2025/03/12 8:54 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack...

9.8CVSS7.2AI score0.63792EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/08/10 11:15 p.m.6 views

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

6.5CVSS5.8AI score0.00702EPSS
Exploits1References5
RustSec
RustSec
added 2021/07/08 12:0 p.m.27 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

6.1CVSS1.3AI score0.00702EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2020/09/29 7:28 p.m.5 views

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

7.8CVSS7.2AI score0.07107EPSS
Exploits1References5
Zero Day Initiative
Zero Day Initiative
added 2011/03/02 12:0 a.m.42 views

Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...

9CVSS3.8AI score0.03181EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/11/13 12:0 a.m.17 views

SeaMonkey < 1.1.13 Multiple Vulnerabilities

Binary data 4753.prm...

10CVSS7.3AI score0.10187EPSS
Exploits2References27
Tenable Nessus
Tenable Nessus
added 2008/11/13 12:0 a.m.42 views

SeaMonkey < 1.1.13 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.13. Such versions are potentially affected by the following security issues : - Locally saved '.url' shortcut files can be used to read information stored in the local cache. MFSA 2008-47 - The canvas element can be used in conjunction with a...

10CVSS7.9AI score0.10187EPSS
Exploits2References25
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.30 views

openSUSE 10 Security Update : mutt (mutt-1701)

Mutt had a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability CVE-2006-3242. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mutt-1701. The text...

7.5CVSS5.8AI score0.05889EPSS
Exploits1References1
Rows per page
Query Builder