429 matches found
DEBIAN-CVE-2018-19214
Netwide Assembler NASM 2.14rc15 has a heap-based buffer over-read in expandmmacparams in asm/preproc.c for insufficient input...
Cross-Site Scripting (XSS)
angular-gettext is vulnerable to cross-site scripting. interpolationContext is passed to getString or getPlural functions in dist/angular-gettext.js and src/directive.js, which allows attackers to inject arbitrary Javascript code into a victim's browser when the attribute...
The vulnerability of the interpreter for software used for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code.
The vulnerability of the interpreter used in software for processing, transforming, and generating Ghostscript documents is related to errors in the data type conversion of the LockDistillerParams parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...
Artifex Ghostscript Type Obfuscation Vulnerability
Ghostscript is based on Adobe Systems PostScript and Portable Document Format PDF page description language interpreter set of software. A type confusion vulnerability exists in the 'LockDistillerParams' parameter in Artifex Ghostscript version 9.23 prior to 2018-08-23, which can be exploited by ...
DEBIAN-CVE-2018-15910
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code...
ALPINE-CVE-2018-15910
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code...
UBUNTU-CVE-2018-15910
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code...
The vulnerability of the `csr_update_fils_params_rso` function in the Qualcomm WLAN operating system for Android, found in the CAF file, allows a attacker to increase their privileges.
The vulnerability of the csrupdatefilsparamsrso function in the Qualcomm WLAN operating system’s Android component, found in the CAF file, is caused by a numerical overflow. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
Gitlab -- multiple vulnerabilities
Gitlab reports: Wiki XSS Sanitize gem updates XSS in urlforparams Content injection via username Activity feed publicly displaying internal project names Persistent XSS in charts...
CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
Cross site request forgery (csrf)
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
XSS via the 400 Bad Request page
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
Foxit Reader ConvertToPDF_x86 jpg Parsing Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2018-09958)
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of interactive properties of the PrintParams object, due to a lack of proper memory initialization before accessing memory, which can be exploited by an attacker to obtain...
zsh Denial of Service Vulnerability
Z Shell Zsh is a Unix shell that can be used as an interactive login shell and a powerful shell script command interpreter. A denial of service vulnerability exists in params.c in zsh versions 5.4.2 and earlier during the copying of an empty hash table. An attacker can exploit this vulnerability ...
strongSwan rsa_pss_params_parse function denial of service vulnerability
strongSwan is a complete IPsec implementation for Linux 2.6, 3.x and 4.x kernels. A denial of service vulnerability exists in the rsapssparamsparse function in libstrongswan/credentials/keys/signatureparams.c in strongSwan 5.6.1. The vulnerability allows remote attackers to submit special...
MapsMarker.com e.U.: [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php
At first, I thought, that my finding is a valid sql injection but I was wrong because of WordPress currently adding magic slashes to COOKIE/POST/GET - this is a very special behaviour which may be remove in the future. There are tons of requests to remove this "old" technique. Nevertheless I...