10 matches found
EUVD-2010-3056
Malware in sbrugna...
Uncontrolled Recursion
Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion. Remediation...
Denial Of Service (DoS)
freetype is vulnerable to denial of service DoS. The vulnerability exists as a stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character seac calls. If a user loaded a specially-craft...
Cross site scripting
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting XSS attacks via characters in a non-standard encoding...
UBUNTU-CVE-2014-6393
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting XSS attacks via characters in a non-standard encoding...
CVE-2014-6393
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting XSS attacks via characters in a non-standard encoding...
UBUNTU-CVE-2014-1560
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service X.509 certificate parsing outage via a crafted certificate that does not use ASCII character encoding in a required context...
CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character aka seac calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...
Design/Logic Flaw
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character aka seac calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...
CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character aka seac calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...