Positive Technologies · added 2022/06/14 12:0 a.m. · 5 views

PT-2022-20733 · Itop +1

Name of the Vulnerable Software and Affected Versions: ITOP version 3.0.1. Description: A cross-site scripting (XSS) issue was found in ITOP. The vulnerability can be exploited via the "/itop/pages/ajax.render.php" API endpoint. Recommendations: For ITOP version 3.0.1, as a temporary workaround, ...

CVSS 9.8 · AI score 6.7 · EPSS 0.20737
Exploits 12 · References 65
OSV · added 2022/05/24 10:1 p.m. · 1 views

GHSA-X43G-GJ9X-838X PhantomJS Arbitrary File Read

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

CVSS 7.5 · AI score 6 · EPSS 0.13599
Exploits 1 · References 3
OSSF Malicious Packages · added 2022/05/16 6:45 a.m. · 3 views

Malicious code in com.unity.render-pipelines.high-definition-config (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware c67f837ca8ea83c83003168af81c90f02e07a73994e832484930baf383acb5b9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV · added 2022/05/16 6:45 a.m. · 4 views

MAL-2022-2101 Malicious code in com.unity.render-pipelines.high-definition-config (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware c67f837ca8ea83c83003168af81c90f02e07a73994e832484930baf383acb5b9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSV · added 2022/05/14 3:46 a.m. · 2 views

GHSA-H2FP-XGX6-XH6F Pallets Werkzeug cross-site scripting vulnerability

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11, as used in Pallets Flask and other products, allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

CVSS 6.1 · AI score 7 · EPSS 0.00411
Exploits 0 · References 8
Fedora · added 2022/05/12 1:47 a.m. · 26 views

[SECURITY] Fedora 34 Update: mingw-SDL2_ttf-2.0.18-2.fc34

Simple DirectMedia Layer (SDL2) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a library that allows you to use TrueType fonts to render text in SDL2 applications...

CVSS 7.8 · AI score 7.6 · EPSS 0.00169
Exploits 1
OpenVAS · added 2022/05/10 12:0 a.m. · 12 views

Mozilla Firefox Security Advisory (MFSA2021-20) - Windows

This host is missing a security update for Mozilla Firefox. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 7.5 · AI score 7.5 · EPSS 0.00286
Exploits 0 · References 4
OSV · added 2022/05/04 3:15 a.m. · 1 views

UBUNTU-CVE-2022-27470

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid. This vulnerability is triggered via a crafted TTF file...

CVSS 7.8 · AI score 5.9 · EPSS 0.00169
Exploits 1 · References 4
CNNVD · added 2022/05/04 12:0 a.m. · 1 views

SDL_ttf Buffer Error Vulnerability

SDL_ttf is a wrapper around the excellent FreeType 2.0 library. A security vulnerability exists in SDL_ttf version 2.0.18 and earlier versions, which stems from an arbitrary memory write condition discovered via the TTF_RenderText_Solid function. An attacker can exploit this vulnerability to cause...

CVSS 7.8 · AI score 7.4 · EPSS 0.00169
Exploits 1 · References 7
vulnersOsv · added 2022/04/22 8:49 p.m. · 3 views

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-24858 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more. Source cves: CVE-2022-24858. Source advisory: OSV:GHSA-F9WG-5F46-CJMW...

CVSS 6.1 · AI score 6.3 · EPSS 0.00318
Exploits 0
RedHat Linux · added 2022/04/08 2:41 p.m. · 2 views

Mozilla: iframe contents could be rendered outside the border

The Mozilla Foundation Security Advisory describes this flaw as: Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks...

CVSS 5.4 · AI score 7.3 · EPSS 0.00341
Exploits 1 · References 6
CNNVD · added 2022/04/05 12:0 a.m. · 1 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which arises from iframe content that can be rendered outside of its boundaries...

CVSS 5.4 · AI score 7.5 · EPSS 0.00341
Exploits 1 · References 18
OSV · added 2022/03/03 11:15 p.m. · 0 views

DEBIAN-CVE-2021-26259

A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in render_table_row in ps-pdf.cxx may lead to arbitrary code execution and denial of service...

CVSS 7.8 · AI score 8.3 · EPSS 0.00166
Exploits 1 · References 1
OSV · added 2022/03/03 11:15 p.m. · 0 views

UBUNTU-CVE-2021-26259

A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in render_table_row in ps-pdf.cxx may lead to arbitrary code execution and denial of service...

CVSS 7.8 · AI score 7.8 · EPSS 0.00166
Exploits 1 · References 5
OSV · added 2022/02/21 12:0 a.m. · 11 views

OSV-2022-177 UNKNOWN READ in gx_dc_default_fill_masked

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44855. Crash type: UNKNOWN READ. Crash state: gx_dc_default_fill_masked, copy_portrait, image_render_simple...

AI score 7.2
Exploits 0 · References 1
OSV · added 2022/02/19 1:15 a.m. · 6 views

CVE-2022-25256

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfsrequestbacklabellist and saspfsrequestbackurllist. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing...

CVSS 6.1 · AI score 5.5 · EPSS 0.00611
Exploits 0 · References 3
OSV · added 2022/02/15 5:15 p.m. · 2 views

CVE-2022-25204

Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1
OSV · added 2022/02/15 4:15 p.m. · 1 views

DEBIAN-CVE-2021-44960

In the SVG++ (svgpp) library 1.3.0, the XMLDocument::getRoot function called from the renderDocument function handled the XMLDocument object improperly, returning a null pointer early at the second if, resulting in a null pointer dereference after the renderDocument function...

CVSS 6.5 · AI score 7 · EPSS 0.00108
Exploits 1 · References 1
CNNVD · added 2022/02/15 12:0 a.m. · 3 views

SVG++ Code Issue Vulnerability

SVG++ (svgpp) is a C++ framework. The framework includes an SVG syntax parser, adapters for handling parsed data, and various utilities. A security vulnerability exists in SVG++ that stems from the XMLDocument::getRoot function in the renderDocument function incorrectly handling the...

CVSS 6.5 · AI score 7.2 · EPSS 0.00108
Exploits 1 · References 4
Huntr · added 2022/01/24 3:16 a.m. · 33 views

Improper Access Control in janeczku/calibre-web

Description: With default settings, low-level users will not have permission to read the name of a private shelf created by another user and not in public mode. However, due to incorrect HTML rendering, the application does not work as intended. Proof of Concept - Step 1: Login with admin account and ...

CVSS 4 · EPSS 0.00131
Exploits 1