15 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux - vulnerability in openvswitch

An integer underflow occurred in the Organization Specific TLV in various versions of OpenvSwitch...

CVSS 9.8 · AI score 7.3 · EPSS 0.01324
Exploits 0 · References 2
ATTACKERKB
added 2026/03/19 3:49 p.m. · 2 views

CVE-2026-32869

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

CVSS 5.5 · AI score 5.8 · EPSS 0.00141
Exploits 0 · References 3
CNNVD
added 2025/12/05 12:0 a.m. · 3 views

Nextcloud cross-site scripting vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud versions prior to 5.5.4, prior to 6.0.6, and prior to 7.2.5, which stems from a malicious user bei...

CVSS 5.4 · AI score 6 · EPSS 0.00204
Exploits 0 · References 4
Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-20397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A double-free is present in libyang before v1.0-r1 in the function yyparse when an organization field is not terminated. Applications that use libyang to parse...

CVSS 8.8 · AI score 7.9 · EPSS 0.02488
Exploits 0 · References 2
Hacker One
added 2025/08/10 1:17 a.m. · 8 views

Nextcloud: Stored XSS in contacts app via organisation and title field

A stored XSS vulnerability was discovered in the contacts app of the software. The vulnerability could be triggered by inputting malicious code in the organization or title field...

CVSS 5.4 · AI score 6.2 · EPSS 0.00204
Exploits 0
OSV
added 2025/03/31 4:32 p.m. · 6 views

CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...

CVSS 2.7 · AI score 6.7 · EPSS 0.00238
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:5 a.m. · 4 views

SUSE CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVSS 8.8 · AI score 8.8 · EPSS 0.02488
Exploits 0 · References 3
RedHat Linux
added 2021/05/18 3:4 p.m. · 2 views

libyang: double-free in yyparse() when organization field is not terminated

A double-free flaw occurs in libyang in function yyparse when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution...

CVSS 8.8 · AI score 7.3 · EPSS 0.02488
Exploits 0 · References 4
NVD
added 2020/01/22 10:15 p.m. · 15 views

CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVSS 8.8 · AI score 8.8 · EPSS 0.02488
Exploits 0 · References 5
OSV
added 2020/01/22 10:15 p.m. · 2 views

DEBIAN-CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVSS 8.8 · AI score 8 · EPSS 0.02488
Exploits 0 · References 1
Debian CVE
added 2020/01/22 12:0 a.m. · 19 views

CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVSS 8.8 · AI score 8.8 · EPSS 0.02488
Exploits 0
Positive Technologies
added 2020/01/22 12:0 a.m. · 3 views

PT-2020-1241 · Libyang · Libyang

Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1 Description: A double-free issue is present in the yyparse function when an organization field is not terminated, potentially causing a crash or code execution. This affects applications that use libyang to...

CVSS 8.8 · AI score 6.8 · EPSS 0.0279
Exploits 7 · References 43
NVD
added 2012/02/02 5:55 p.m. · 13 views

CVE-2012-0979

Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user...

CVSS 4.3 · AI score 5.7 · EPSS 0.02115
Exploits 1 · References 7
Prion
added 2012/02/02 5:55 p.m. · 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user...

CVSS 4.3 · AI score 6.1 · EPSS 0.02115
Exploits 1 · References 7 · Affected Software 1
Cvelist
added 2012/02/02 5:0 p.m. · 18 views

CVE-2012-0979

Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user...

AI score 5.7 · EPSS 0.02115
Exploits 1 · References 7