378 matches found
None in bobthecow/mustache.php
Description: In Mustache.php v2.0.0 through v2.14.0, a Sections tag can lead to arbitrary PHP code execution, even if strictcallables is true, when the section value is controllable. Proof of Concept './cache', 'strictcallables'=true ; echo $m-render' repo phpinfo;// No repos : / repo phpinfo;// ',...
GSD-2021-1002539 arm64: uaccess: avoid blocking within critical sections
arm64: uaccess: avoid blocking within critical sections This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.6 by commit...
Security update for binutils (moderate)
openSUSE Security Update: Security update for binutils Announcement ID: openSUSE-SU-2021:1475-1 Rating: moderate References: 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454 1180461 1181452 1182252 1183511 1183909 1184519 1184620 1184794 1188941 1191473 1192267 PM-2767 SLE-18637...
Security vulnerabilities in multiple Apple products
Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smartwatches. A security vulnerability exists in multiple Apple products, which originates from ...
USN-5124-1: GNU binutils vulnerabilities
It was discovered that GNU binutils incorrectly handled certain hash lookups. An attacker could use this issue to cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-16592 It was discovered that GNU binutils incorrectly handled certain corru...
USN-5124-1 binutils vulnerabilities
It was discovered that GNU binutils incorrectly handled certain hash lookups. An attacker could use this issue to cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-16592 It was discovered that GNU binutils incorrectly handled certain corru...
CLSA-2021-1634922380 Fixed CVE-2021-3487 in binutils
CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c readsection...
Indexhibit Cross-Site Scripting Vulnerability
Indexhibit, a web-based content management system, is vulnerable to a stored cross-site scripting vulnerability in the Sections module in Indexhibit version 2.1.5. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...
CVE-2020-18126
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allow attackers to execute arbitrary web scripts or HTML...
CVE-2020-18126
CVE-2020-18126 concerns Indexhibit 2.1.5 where the Sections module exposes multiple stored XSS vulnerabilities. The affected component is the Sections module within Indexhibit, version 2.1.5. The flaws allow attackers to inject and execute arbitrary web scripts/HTML in users’ browsers, via stored...
Indexhibit cross-site scripting vulnerability
Indexhibit, a web-based content management system, is vulnerable to a stored cross-site scripting vulnerability in the Sections module in Indexhibit version 2.1.5. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...
GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
PT-2021-7938 · Gnu +1 · Gnu Binutils +1
Name of the Vulnerable Software and Affected Versions: GNU binutils version 2.36 Description: An out of bounds flaw was found in the GNU binutils objdump utility. This issue is related to the avr elf32 load records from section function and can result in a crash or memory corruption if a large...
Cross site scripting
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" sections, such as Add Item, Employee and Position, or others in the Name Parameters...
CVE-2021-29387
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" sections, such as Add Item, Employee and Position, or others in the Name Parameters...
PT-2022-9885 · Jhead +4 · Jhead +4
Name of the Vulnerable Software and Affected Versions: jhead versions 3.04 through 3.05 Description: A Heap-based Buffer Overflow issue exists, allowing for a Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. Recommendations: For jhead versions 3.04 and 3.05, consider disabling...
CVE-2021-27695
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters...
Cross site scripting
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters...