3385 matches found
CVE-2021-40749
Adobe Illustrator is affected by CVE-2021-40749 as part of APSB21-98; a NULL pointer dereference in Illustrator 25.4.1 and earlier (Windows/macOS) can cause DoS. The issue is addressed by Adobe in the 25.4.2 update (APSB21-98). Affected products/versions and explicit exploit details are corrobora...
CVE-2021-40748
Adobe Illustrator is affected by multiple vulnerabilities referenced under APSB21-98 with CVE-2021-40718, CVE-2021-40746, CVE-2021-40747, CVE-2021-40748, and CVE-2021-40749. The issues apply to Illustrator installations prior to version 25.4.2 on Windows and macOS, and include out-of-bounds reads...
CVE-2021-40744
CVE-2021-40744 is linked in connected sources to an Adobe Campaign vulnerability affecting Adobe Campaign Classic (ACC). The exposed flaw is a cross-site scripting (XSS) vulnerability stemming from insufficient input validation, enabling potential injection and execution of client-side code. The ...
CVE-2019-7967
Technical details for CVE-2019-7967 are not provided in the connected documents. The entry remains reserved/no public details here. Monitor for updates as information may be released later.
CVE-2019-7966
CVE-2019-7966 details are not provided in the supplied documents. No product, impact, or remediation information is available. Monitor for updates from official disclosures.
CVE-2017-16087
The connected advisories describe a vulnerability in the npm package fs-git where strings passed to the buildCommand method are not sanitized, allowing arbitrary code execution. Affected versions of fs-git do not sanitize inputs, enabling code execution via crafted input in buildCommand. The issu...
CVE-2016-1000224
The connected advisories describe a vulnerability in ezseed-transmission: affected versions download/run a script over HTTP, enabling a privileged-network attacker to perform a Man‑in‑the‑Middle attack and replace the script with malicious code, compromising the system running ezseed-transmission...
CVE-2016-1000230
CVE-2016-1000230: The connected advisories describe an XSS vulnerability in the client-side rendering of Rendr templates inside a _block, with server-side rendering unaffected. Affected versions of Rendr are vulnerable to cross-site scripting when client-side rendering occurs in that block conte...
CVE-2016-1000226
The connected advisory GHSA-7F59-X49P-V8MQ documents a Cross-Site Scripting vulnerability in swagger-ui. Affected versions of swagger-ui are vulnerable to XSS in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, an attacker can trick users into ...
CVE-2016-1000234
The CVE-2016-1000234 entry maps to a Cross-Site Scripting issue in the jqTree component. Connected advisories (GHSA-GJHX-GXWX-JX9J and OSV) describe that affected versions of jqtree are vulnerable to XSS via the drag-and-drop operation when modifying tree data, allowing script content within a no...
CVE-2016-1000231
The CVE placeholder CVE-2016-1000231 is linked to a real issue in the emoji rendering library emojione. Affected versions are vulnerable to cross-site scripting (XSS) when user input is fed into functions such as toShort(), shortnameToImage(), unicodeToImage(), and toImage(). The root cause is im...
CVE-2016-1000233
CVE-2016-1000233 is a Swagger-UI cross-site scripting vulnerability described in the connected IBM bulletin. The issue arises when a Content-Type: application/javascript header is included while Swagger-UI processes a URL query string parameter, allowing a remote attacker to inject and execute ma...
CVE-2016-1000238
The CVE-2016-1000238 entry is linked to node-krb5 SPOOFING via unvalidated KDC. Affected: node-krb5 (Node.js module). Issue: KDC is not validated before authentication, allowing a network-attacker with time and access to spoof the KDC and impersonate a valid user without credentials. Impact: pote...
CVE-2016-1000228
Summary: The provided connected advisories describe a DOM-based XSS vulnerability in the npm package Gmail.js (gmail-js). Affected versions contain unsafe handling in the functions tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post, which pass user input directly...
CVE-2016-1000240
The connected advisories identify a Cross-Site Scripting (XSS) vulnerability in the c3 JavaScript charting library. Affected versions are vulnerable to XSS due to improper sanitization of HTML in rendered tooltips. The issue is documented in GHSA-GVG7-PP82-CFF3 and mirrored in OSV and npm advisor...
CVE-2016-1000242
The connected advisories describe a Denial of Service in the mqtt package (GHSA-HG78-C92R-HVWR / OSV entry). Affected mqtt versions crash the Node.js process when handling specially crafted MQTT packets, leading to a DoS. Remediation: upgrade to v1.0.0 or later. References include GitHub Advisory...
CVE-2016-3942
CVE-2016-3942 details in connected docs pertain to a remote code execution in the JavaScript template engine jsrender. Affected versions are vulnerable when server-delivered client-side templates dynamically embed user input, enabling an attacker to execute arbitrary code through crafted templat...
CVE-2017-16034
The CVE-2017-16034 entry maps to a real vulnerability in the Node.js pidusage package: affected versions pass unsanitized input to child_process.exec(), allowing arbitrary code execution in the ps method. The PoC is viable on Darwin, SunOS, FreeBSD, and AIX; Windows and Linux are not affected. Re...
CVE-2014-8882
The connected advisories identify a Regular Expression Denial of Service in the validator library’s isURL method affecting versions prior to 3.22.1; remediation is to update to 3.22.1 or later (GHSA-f5w6-r7rg-mcgq, OSV GHSA, and NODEJS advisory 42 reference validator.js). No exploitation details ...
CVE-2016-1000227
CVE-2016-1000227 is a reserved placeholder entry; connected advisories describe a cross-site scripting vulnerability in bootstrap-tagsinput. All versions are affected by unsanitized input passed to the itemTitle parameter, leading to XSS. The issue is not actively maintained (last updates circa 2...