1165 matches found

CVE
added 2021/04/01 2:30 a.m. · 103 views

CVE-2020-36238

CVE-2020-36238 affects Jira Server/Data Center. The vulnerability exists in the /rest/api/1.0/render resource and allows remote anonymous attackers to determine whether a username is valid via a missing permissions check. Affected versions include Jira Server/Data Center before 8.5.13, from 8.6.0...

CVSS 5.3 · AI score 5 · EPSS 0.00203
Exploits: 0 · References: 1 · Affected Software: 4
Positive Technologies
added 2021/04/01 12:0 a.m. · 3 views

PT-2021-11975 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Jira Server and Data Center versions 8.5.12 and earlier; Jira Server and Data Center versions 8.6.0 through 8.13.4; Jira Server and Data Center versions 8.14.0 through 8.15.0. Description: The issue allows remote anonymous attackers to determine...

CVSS 5.3 · AI score 5 · EPSS 0.00203
Exploits: 0 · References: 6
Jake Archibald's Blog
added 2021/03/26 1:0 a.m. · 211 views

Who has the fastest F1 website in 2021? Part 2

Ohhh, you've come back for more? Excellent. I was worried it was just going to be me sat here, typing to myself. This is part 2 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10...

AI score 7
Exploits: 0
Cvelist
added 2021/03/18 5:10 p.m. · 18 views

CVE-2021-21383 XSS in Wiki.js

Wiki.js is an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained...

CVSS 7.6 · AI score 7.4 · EPSS 0.00263
Exploits: 1 · References: 3
Cvelist
added 2021/03/15 9:21 p.m. · 16 views

CVE-2020-27282

In Hamilton Medical AG, T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files...

AI score 4.4 · EPSS 0.00074
Exploits: 0 · References: 1
BDU FSTEC
added 2021/03/09 12:0 a.m. · 1 views

The vulnerability of the image_render_color_thresh() function (base/gxicolor.c) in the software for processing, transforming, and generating Ghostscript documents allows a hacker to trigger a service failure.

The vulnerability of the image_render_color_thresh() function (base/gxicolor.c) in the software for processing, transforming, and generating Ghostscript documents is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 4.3 · AI score 6.8 · EPSS 0.00474
Exploits: 1 · References: 13 · Affected Software: 3
Positive Technologies
added 2021/01/26 12:0 a.m. · 2 views

PT-2021-8107 · Htmldoc +3 · Htmldoc +3

Name of the Vulnerable Software and Affected Versions: HTMLDOC version 1.9.12. Description: The issue is related to a heap buffer overflow in the render table row function, located in the ps-pdf.cxx component of the HTMLDOC tool. This overflow can lead to arbitrary code execution and denial of...

CVSS 10 · AI score 7.6 · EPSS 0.05615
Exploits: 16 · References: 75
Positive Technologies
added 2021/01/01 12:0 a.m. · 3 views

PT-2021-11867 · WordPress · Newsletters

Name of the Vulnerable Software and Affected Versions: Newsletter plugin versions prior to 6.8.2 for WordPress. Description: A Reflected Authenticated Cross-Site Scripting (XSS) issue allows remote attackers to trick a victim into submitting a tnpc render AJAX request. This request can contain eithe...

CVSS 6.5 · AI score 6.1 · EPSS 0.00121
Exploits: 1 · References: 6
OSV
added 2020/12/15 4:15 p.m. · 1 views

CVE-2020-0496

In CPDFRenderStatus::LoadSMask of cpdfrenderstatus.cpp, there is a possible memory corruption due to a use-after-free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 5.5 · AI score 6.2
Exploits: 0 · References: 1
ATTACKERKB
added 2020/12/15 4:15 p.m. · 3 views

CVE-2020-0496

In CPDFRenderStatus::LoadSMask of cpdfrenderstatus.cpp, there is a possible memory corruption due to a use-after-free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 5.5 · AI score 5.7 · EPSS 0.00019
Exploits: 0 · References: 2
Snyk
added 2020/12/09 11:56 a.m. · 2 views

Arbitrary Code Injection

Amendment: This was deemed not a vulnerability. Overview: ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the render and renderFile functions. If external input is flowing into the options parameter, an attacker is able to run...

CVSS 4.1 · AI score 5.7
Exploits: 0 · References: 2
Atlassian
added 2020/11/26 5:44 a.m. · 38 views

Template injection vulnerability in Automation for Jira smart values - CVE-2020-14193

Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & /jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are thos...

CVSS 5.5 · AI score 5.7 · EPSS 0.00206
Exploits: 0 · Affected Software: 1
Prion
added 2020/10/30 5:15 p.m. · 33 views

Design/Logic Flaw

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

CVSS 7.5 · AI score 9.7 · EPSS 0.9443
Exploits: 29 · References: 4 · Affected Software: 1
vulnersOsv
added 2020/10/21 4:5 p.m. · 1 views

@intesso/scratch-paint (=0.2.0), @wdr-data/scratch-render (=0.1.0-prerelease.20180918201144-fixed-1) +13 more potentially affected by CVE-2020-7750 via scratch-svg-renderer (>=0.1.0-prerelease.20180524210316 <=0.2.0-prerelease.20201016121710)

scratch-svg-renderer NPM version =0.1.0-prerelease.20180524210316, =0.0.1, =0.1.0-prerelease.2019-05-26T04-34Z, =0.2.0-prerelease.20181120191526, =0.1.0-prerelease.20210117145449, =0.1.0-prerelease.20200903194013, =0.2.0, =0.1.0-prerelease.20180531210700, =0.1.0, =0.1.0-prerelease.20201214071805,...

CVSS 9.6 · AI score 7.2 · EPSS 0.06179
Exploits: 3
Veracode
added 2020/09/29 1:37 a.m. · 7 views

Cross-site Scripting (XSS)

m-server is vulnerable to cross-site scripting (XSS). The vulnerability exists as it does not sanitize the value of path in the render function of lib/utils.js...

AI score 1.7
Exploits: 0
OSV
added 2020/09/17 9:15 p.m. · 0 views

CVE-2020-0359

In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150303018...

CVSS 5.5 · AI score 6.5
Exploits: 0 · References: 1
OSV
added 2020/09/11 9:12 p.m. · 1 views

GHSA-9V62-24CR-58CX Denial of Service in node-sass

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::getimporterentry and CustomImporterBridge::postprocessreturnvalue that crash the Node process. This may allow attackers to...

CVSS 5.9 · AI score 5.9
Exploits: 0 · References: 3
GitHub Security Blog
added 2020/09/03 5:37 p.m. · 17 views

Malicious Package in cicada-render

All versions of cicada-render contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score 3.6
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2020/09/03 5:37 p.m. · 11 views

GHSA-6M6M-J2HM-PXRG Malicious Package in cicada-render

All versions of cicada-render contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

CVSS 9.8 · AI score 6.9
Exploits: 0 · References: 1
CNVD
added 2020/08/14 12:0 a.m. · 1 views

Artifex Software Ghostscript Buffer Overflow Vulnerability (CNVD-2020-46256)

Artifex Software Ghostscript is an open source parser for PostScript (a page description language and programming language used in the electronics industry and desktop publishing) from Artifex Software, Inc. The product can display PostScript files as well as print PostScript files on non-PostScrip...

CVSS 5.5 · AI score 8 · EPSS 0.00474
Exploits: 1 · References: 1