87 matches found
GHSA-WFVX-FX73-3RFJ markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
@halo-dev/markdown-renderer (>=1.0.0-alpha.11 <=1.0.0-alpha.50), @jx3box/jx3box-bmap (>=0.0.1 <=0.1.15) +119 more potentially affected by CVE-2020-28455 via markdown-it-toc (=1.1.0)
markdown-it-toc NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on markdown-it-toc and may be impacted: - @halo-dev/markdown-renderer =1.0.0-alpha.11, =0.0.1, =1.8.9, =5.4.2, =1.0.3, =0.0.1, =0.1.5, =0.1.0, =0.0.1, =0.1.1, =1.0.6, =0.0....
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28455
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28455 Cross-site Scripting (XSS)
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
PT-2022-8901 · Unknown · Markdown-It-Toc
Name of the Vulnerable Software and Affected Versions: markdown-it-toc (affected versions not specified). Description: The issue affects the generation of the table of contents (toc) in markdown-it-toc, where the title of the generated toc and the contents of the header are not properly...
CVE-2021-35090
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
Race condition
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2021-35090
CVE-2021-35090 describes a TOC TOU race condition that could cause hypervisor memory corruption when updating address mappings on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/Industrial IOT/Mobile). Root cause: Time-Of-Check/Time-Of-Use (TOC TOU) race in kernel memory mappings. Impact st...
CVE-2022-23563
TensorFlow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...
CVE-2022-23563
TensorFlow (CVE-2022-23563) describes a TOCTOU race caused by tempfile.mktemp usage, where a temporary file could be created by another process between the check and the actual creation. Several connected sources confirm this insecure temporary-file pattern and note that the fix replaces mktemp w...
Zoom Plugin Code Execution Vulnerability
Zoom Plugin is a plug-in from Zoom (ZOOM), Inc. A security vulnerability exists in versions of Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918, which stems from a Time-of-check Time-of-use (TOC/TOU) vulnerability included in the plug-in installation process. An attacker could exploit this...
CVE-2021-34413
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use TOC/TOU vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...
Code injection
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use TOC/TOU vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...
CVE-2021-34413
The CVE-2021-34413 entry concerns the Zoom Plugin for Microsoft Outlook on macOS, affecting all versions prior to 5.3.52553.0918. The issue is a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process, enabling a standard user to place a malicious application in t...
Cross-site Scripting (XSS)
Overview: markdown-it-toc adds syntax for an automatically generated table of contents to the markdown-it markdown parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The title of the generated toc and the contents of the header are not escaped. PoC // XSS from...
CVE-2020-3684
QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...