1165 matches found

RedhatCVE
added 2021/05/19 12:27 a.m. · 57 views

CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

CVSS 7.5 · AI score 2.4 · EPSS 0.00286
Exploits 0 · References 3

vulnersOsv
added 2021/05/17 9:1 p.m. · 0 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @budibase/client (>=3.8.2 <=3.24.3) +117 more potentially affected by CVE-2020-7690 via jspdf (>=1.0.272 <=1.5.2)

jspdf NPM version =1.0.272, =1.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =1.54.0, =0.2.1, =1.1.4, =0.0.0-dev.0ebca38, =1.0.0, =0.0.98, =1.15.0-alpha.1, =1.18.11 and more Source cves: CVE-2020-7690 Source advisory: OSV:GHSA-VH59-V9R5-4MH4...

CVSS 6.1 · AI score 6.3 · EPSS 0.00234
Exploits 1

Github Security Blog
added 2021/05/17 8:58 p.m. · 62 views

Insecure template handling in haml-coffee

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 7.7 · AI score 0.4 · EPSS 0.00255
Exploits 1 · References 4 · Affected Software 1

Prion
added 2021/05/14 7:15 p.m. · 20 views

Cross site scripting

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 3.5 · AI score 5.4 · EPSS 0.00255
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2021/05/14 6:20 p.m. · 15 views

CVE-2021-32818 Remote code execution and Reflected cross site scripting in haml-coffee

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 7.7 · AI score 7.7 · EPSS 0.00255
Exploits 1 · References 2

Positive Technologies
added 2021/05/14 12:0 a.m. · 4 views

PT-2021-19952 · Unknown +1 · Squirrelly +1

Name of the Vulnerable Software and Affected Versions: Squirrelly versions prior to 9.0.0 Description: Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. It mixes pure template data with engine configuration options through the Express render API. ...

CVSS 8.8 · AI score 8.9 · EPSS 0.89622
Exploits 2 · References 11

Positive Technologies
added 2021/05/14 12:0 a.m. · 2 views

PT-2021-19950 · Unknown · Express-Hbs

Name of the Vulnerable Software and Affected Versions: express-hbs affected versions not specified Description: The issue arises from express-hbs mixing pure template data with engine configuration options through the Express render API, potentially leading to file disclosure vulnerabilities in...

CVSS 6.8 · AI score 6.5 · EPSS 0.00342
Exploits 1 · References 10

OpenVAS
added 2021/05/12 12:0 a.m. · 14 views

Ubuntu: Security Advisory (USN-4942-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.00286
Exploits 0 · References 2

BDU FSTEC
added 2021/05/12 12:0 a.m. · 2 views

The vulnerability of Web Render components in the Firefox web browser allows a hacker to execute arbitrary code within the system.

The vulnerability of Web Render components in the Firefox web browser arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code within the system...

CVSS 10 · AI score 7.7 · EPSS 0.00286
Exploits 0 · References 9 · Affected Software 5

OSV
added 2021/05/11 12:0 a.m. · 0 views

UBUNTU-CVE-2021-32491

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render in tools/ddjvu via crafted djvu file may lead to application crash and other consequences...

CVSS 7.8 · AI score 7.1 · EPSS 0.00284
Exploits 0 · References 5

Positive Technologies
added 2021/05/11 12:0 a.m. · 2 views

PT-2021-3123

Name of the Vulnerable Software and Affected Versions DjVuLibre versions 3.5.28 and earlier Description The issue is related to an integer overflow in the render function in the tools/ddjvu component of DjVuLibre. This can be exploited by a remote attacker using a crafted djvu file, potentially...

CVSS 10 · AI score 7 · EPSS 0.04581
Exploits 7 · References 114

Ubuntu
added 2021/05/10 9:10 p.m. · 113 views

USN-4942-1: Firefox vulnerability

A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code...

CVSS 7.5 · AI score 8.5 · EPSS 0.00286
Exploits 0

OSV
added 2021/05/10 9:10 p.m. · 1 views

USN-4942-1 firefox vulnerability

A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code...

CVSS 7.5 · AI score 7.3 · EPSS 0.00286
Exploits 0 · References 2

OSV
added 2021/05/07 12:0 a.m. · 1 views

UBUNTU-CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

CVSS 7.5 · AI score 7.3 · EPSS 0.00286
Exploits 0 · References 4

UbuntuCve
added 2021/05/07 12:0 a.m. · 30 views

CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

CVSS 7.5 · AI score 7.2 · EPSS 0.00286
Exploits 0 · References 3

Mozilla
added 2021/05/05 12:0 a.m. · 779 views

Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3 — Mozilla

By triggering multiple pop-up prompts containing javascript: URLs, a malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only...

CVSS 7.5 · AI score 1.6 · EPSS 0.00392
Exploits 0 · References 2 · Affected Software 2

Tenable Nessus
added 2021/05/05 12:0 a.m. · 65 views

Mozilla Firefox < 88.0.1

The version of Firefox installed on the remote Windows host is prior to 88.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-20 advisory. - When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume tha...

CVSS 7.5 · AI score 8 · EPSS 0.00392
Exploits 0 · References 3

CNNVD
added 2021/05/03 12:0 a.m. · 3 views

Google Android Code Issue Vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. A denial of service vulnerability exists in Google Android 11. The vulnerability is caused due to a denial of service due to a missing null check in the RenderStruct of...

CVSS 7.5 · AI score 5.8 · EPSS 0.00581
Exploits 0 · References 4

Jake Archibald's Blog
added 2021/04/07 1:0 a.m. · 46 views

Who has the fastest F1 website in 2021? Part 7

This is part 7 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

AI score 6.8
Exploits 0

OSV
added 2021/04/01 3:15 a.m. · 3 views

CVE-2020-36238

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check...

CVSS 5.3 · AI score 6.1 · EPSS 0.00203
Exploits 0 · References 1