635 matches found
CVE-2021-37326
CVE-2021-37326 affects NetSarang Xshell 7 prior to Build 0077. The description specifies that paste operations contain unintended code strings, identifying the vulnerable component and root cause. The available documents do not provide exploit details, affected versions beyond the stated pre-0077...
CVE-2021-37326
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations...
NetSarang Xshell 信息泄露漏洞
NetSarang Xshell is an ssh client from NetSarang. A security vulnerability exists in versions prior to NetSarang Xshell 7 build0077, which stems from the software containing unexpected code strings during paste operations...
Remote Code Execution (RCE)
@github/paste-markdown is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of the input into innerHTML property when copied from clipboard...
CVE-2021-37700
@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...
CVE-2021-37700 Clipboard-based DOM-XSS
@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...
Clipboard-based DOM-XSS
Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...
GHSA-GPFJ-4J6G-C4W9 Clipboard-based DOM-XSS
Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...
DEBIAN-CVE-2021-32809
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...
UBUNTU-CVE-2021-32809
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...
CVE-2021-32809 Arbitrary HTML injection vulnerability in ckeditor
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...
PT-2021-6524
Name of the Vulnerable Software and Affected Versions CKEditor versions 4.5.2 through 4.16.1 CKEditor 4 plugins with clipboard plugin dependency versions 4.5.2 and later, including: clipboard pastetext pastetools widget uploadwidget autolink tableselection Description The issue is related to...
paste-markdown 跨站脚本漏洞
paste-markdown is a paste Markdown object. A cross-site scripting vulnerability exists in paste-markdown versions prior to 0.3.4, which stems from dynamically creating a div if the clipboard data contains the string and copying the clipboard content into its innerHTML attribute without any cleanu...
CKEditor 跨站脚本漏洞
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability in the CKEditor 4 Clipboard package allows users to abuse the paste function with malformed HTML, which could result in injecting arbitrary HTML into the editor...
New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits
A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services IIS servers to infiltrate their networks...
September 1, 2021—KB5005101 (OS Builds 19041.1202, 19042.1202, and 19043.1202) Preview
September 1, 2021—KB5005101 OS Builds 19041.1202, 19042.1202, and 19043.1202 Preview 6/15/21 IMPORTANT This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the Update on Adobe Flash Player End of Support. 11/17/20...
kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...
kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...
CVE-2021-31701
Mintty before 3.4.7 mishandles Bracketed Paste Mode...
CVE-2021-31701
Mintty before 3.4.7 mishandles Bracketed Paste Mode...