1165 matches found
DEBIAN-CVE-2021-44960
In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function...
SVG++ Code Issue Vulnerability
SVG++ (svgpp) is a C++ framework. The framework includes an SVG syntax parser, adapters for handling parsed data, and various utilities. A security vulnerability exists in SVG++ that stems from the XMLDocument::getRoot function in the renderDocument function incorrectly handling the...
Improper Access Control in janeczku/calibre-web
Description: With default settings, low-level users do not have permission to read the name of a private shelf created by another user and not in public mode. However, due to incorrect HTML rendering, the application does not work as intended. Proof of Concept - Step 1: Log in with admin account and ...
VulnCheck KEV: CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request...
OESA-2021-1468 xorg-x11-server security update
Xorg server common files. Security Fixes: A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. Thi...
Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4008). The handler for the CreatePointerBarrier request of the XFixes extension...
CVE-2021-4008
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
UBUNTU-CVE-2021-4008
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Crafter CMS Access Control Error Vulnerability
An access control error vulnerability exists in Crafter CMS, an open source content management system (CMS) for digital experience applications, which stems from a system that does not validate groovy scripts. An attacker with administrator, developer privileges could use the groovy lib to render...
Mozilla Firefox Security Advisory (MFSA2021-20) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-20...
CVE-2021-39118
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0...
PT-2021-22382 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue allows remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the "/rest/api/1.0/render" endpoint...
ROS-2-976
2.976 Remote code execution in Mozilla Firefox CVE-2021-29952 1. Vulnerability Description: The vulnerability is caused by a race condition in the Web Render components and could potentially be exploited for malicious code execution. Identifier of the Information Security Threats Data Bank of the...
ROS-2-822
2.822 Remote code execution in Mozilla Firefox CVE-2021-29952 1. Vulnerability Description: The vulnerability is caused by a race condition in the Web Render components and could potentially be exploited for malicious code execution. Identifier of the Information Security Threats Data Bank of the...
ROS-2-1270
2.1270 Remote Code Execution in Mozilla Firefox CVE-2021-29952 1. Vulnerability Description: The vulnerability is caused by a race condition in the Web Render components and could potentially be exploited for malicious code execution. Identifier of the Information Security Threats Data Bank of the...
ROS-2-465
2.465 Remote code execution in Mozilla Firefox CVE-2021-29952 1. Vulnerability Description: The vulnerability is caused by a race condition in the Web Render components and could potentially be exploited for malicious code execution. Identifier of the Information Security Threats Data Bank of the...
ROS-2-1240
2.1240 Remote Code Execution in Mozilla Firefox CVE-2021-29952 1. Vulnerability Description: The vulnerability is caused by a race condition in the Web Render components and could potentially be exploited for malicious code execution. Identifier of the Information Security Threats Data Bank of the...
GHSA-7F5C-RPF4-86P8 Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...
PT-2021-22375 · Atlassian · Atlasboard
Name of the Vulnerable Software and Affected Versions: Atlassian Atlasboard versions prior to 1.1.9 Description: The issue allows remote attackers to read arbitrary files via a path traversal vulnerability in the renderWidgetResource resource. Recommendations: For versions prior to 1.1.9, update t...