2206 matches found

OpenVAS
added 2021/02/08 12:0 a.m., 8 views

Fedora: Security Advisory for python-pygments (FEDORA-2021-175e686ca6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2021/02/07 1:39 a.m., 71 views

[SECURITY] Fedora 32 Update: python-pygments-2.4.2-8.fc32

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported; special attention is paid to details that increa...

7.3 AI score
Exploits: 0
Fedora
added 2021/02/07 1:34 a.m., 65 views

[SECURITY] Fedora 33 Update: python-pygments-2.6.1-5.fc33

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported; special attention is paid to details that increa...

7.3 AI score
Exploits: 0
Prion
added 2021/01/22 9:15 a.m., 11 views

Cross site scripting

Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack...

3.5 CVSS, 5.2 AI score, 0.00509 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/01/22 8:30 a.m., 12 views

CVE-2021-22847 Hyweb HyCMS-J1 - SQL Injection

Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege...

8.8 CVSS, 9.4 AI score, 0.01638 EPSS
Exploits: 0, References: 1
Veracode
added 2021/01/08 4:5 a.m., 9 views

Regular Expression Denial Of Service (ReDoS)

tinymce is vulnerable to regular expression denial of service. The vulnerability allows malicious ruby code samples to cause a denial of service condition in the browser while performing syntax highlighting...

2.5 AI score
Exploits: 0
Github Security Blog
added 2021/01/06 7:25 p.m., 29 views

Regex denial of service vulnerability in codesample plugin

Impact: A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or...

0.2 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2021/01/06 7:25 p.m., 15 views

GHSA-H96F-FC7C-9R55 Regex denial of service vulnerability in codesample plugin

Impact: A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or...

7.1 AI score
Exploits: 0, References: 3
NVD
added 2020/12/31 8:15 a.m., 15 views

CVE-2020-35740

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks...

7 CVSS, 6.6 AI score, 0.00611 EPSS
Exploits: 0, References: 1
Prion
added 2020/12/31 8:15 a.m., 22 views

Hardcoded credentials

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks...

4.3 CVSS, 6 AI score, 0.00611 EPSS
Exploits: 0, References: 1, Affected Software: 4
OpenVAS
added 2020/12/31 12:0 a.m., 22 views

Debian: Security Advisory (DLA-2511-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS, 9.6 AI score, 0.01296 EPSS
Exploits: 0, References: 4
Fedora
added 2020/12/21 1:36 a.m., 72 views

[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5 CVSS, 0.09917 EPSS
Exploits: 2
BDU FSTEC
added 2020/12/18 12:0 a.m., 1 view

The vulnerability of the command syntax analyzer in Cisco IOS and Cisco IOS XE operating systems allows an attacker to re-write any files in the host’s basic file system.

The vulnerability of the command syntax analyzer in Cisco IOS and Cisco IOS XE operating systems is related to errors during the verification of command parameters. Exploiting this vulnerability can allow an attacker to re-write any files in the host’s basic file system...

4.6 CVSS, 5.9 AI score, 0.00266 EPSS
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2020/12/18 12:0 a.m., 2 views

The vulnerability of the command syntax analyzer in Cisco IOS and Cisco IOS XE operating systems allows an attacker to gain access to protected information.

The vulnerability of the command syntax analyzer in Cisco IOS and Cisco IOS XE operating systems is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information...

5.5 CVSS, 6.3 AI score, 0.00311 EPSS
Exploits: 0, References: 3, Affected Software: 2
AlmaLinux
added 2020/12/15 4:4 p.m., 14 views

389-ds:1.4 bug fix update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Bug Fixes: Entries conflict not resolved by replication (BZ1904347); Duplicate entryUSN numbers for...

1.8 AI score
Exploits: 0
ThreatPost
added 2020/12/04 7:23 p.m., 127 views

Novel Online Shopping Malware Hides in Social-Media Buttons

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitte...

7 AI score
Exploits: 0, References: 5
Debian
added 2020/12/04 5:35 p.m., 98 views

[SECURITY] [DLA 2481-1] openldap security update

Debian LTS Advisory DLA-2481-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 04, 2020 https://wiki.debian.org/LTS ...

7.5 CVSS, 8.6 AI score, 0.02858 EPSS
Exploits: 0
BDU FSTEC
added 2020/12/03 12:0 a.m., 1 view

Vulnerability of syntactic analysis and event loading in SVG code of Firefox web browser and Thunderbird email client, allowing attackers to perform cross-site scripting attacks (XSS).

The vulnerability of syntax analysis and event loading in SVG code of Firefox web browsers and Thunderbird email clients is related to the lack of integrity checks. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks (XSS) remotely...

7.6 CVSS, 6.7 AI score, 0.01042 EPSS
Exploits: 0, References: 9, Affected Software: 6
OSV
added 2020/11/24 11:15 p.m., 20 views

CVE-2020-26237

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...

8.7 CVSS, 8.5 AI score
Exploits: 0, References: 6
NVD
added 2020/11/24 11:15 p.m., 15 views

CVE-2020-26237

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...

8.7 CVSS, 7 AI score, 0.01296 EPSS
Exploits: 0, References: 6