87 matches found
Design/Logic Flaw
u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CVE-2020-3684
u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CVE-2020-3684
CVE-2020-3684 describes a local, privilege-relevant issue in Qualcomm Snapdragon platforms where QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by the XBL Loader and applies them without validation. This affects a wide range of Snapdragon p...
@aconex/styleguide (>=2.0.1 <=2.2.0), alinex-report (>=1.0.2 <=1.3.14) potentially affected by unknown CVE via markdown-it-toc-and-anchor (>=2.0.0 <=4.1.2)
markdown-it-toc-and-anchor NPM version =2.0.0, =2.0.1, =1.0.2, =1.3.14 Source cves: unknown CVE Source advisory: OSV:GHSA-X6M6-5HRF-FH6R...
GHSA-X6M6-5HRF-FH6R Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...
Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...
Tic Toc Pwned
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That’s the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch...
Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust
h3. Issue Summary Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...
Fedora 29 : python-markdown2 (2018-6a8028084d)
python-markdown2 2.3.6 - pull 282 Add TOC depth option - pull 283 Fix to add TOC html to output via CLI - pull 284 Do not remove anchors in safemode - pull 288 fixing cuddled-lists with a single list item - pull 292 Fix Wrong rendering of last list element - pull 295 link-patterns fix - pull 300...
Denial of Service
Overview All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...
Fedora 27 : python-markdown2 (2018-e52160d0bc)
python-markdown2 2.3.6 - pull 282 Add TOC depth option - pull 283 Fix to add TOC html to output via CLI - pull 284 Do not remove anchors in safemode - pull 288 fixing cuddled-lists with a single list item - pull 292 Fix Wrong rendering of last list element - pull 295 link-patterns fix - pull 300...
toc.si XSS vulnerability
Open Bug Bounty ID: OBB-640677 Description| Value ---|--- Affected Website:| toc.si Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
gcc security, bug fix, and enhancement update
4.8.5-28.0.1 - Orabug: 27557686 Egeyar Bagcioglu - Introduce 'oraclerelease' into .spec file. Echo it to gcc/DEV-PHASE. 4.8.5-28 - Minor testsuite fixes to clean up test results 1469697 - retpoline support for spectre mitigation 1535655 4.8.5-27 - bump for rebuild with RELRO enabled even for...
CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...
DEBIAN-CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...
CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...
UBUNTU-CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...
Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (3)
No description provided by source. This third version features: Complete support for i386, x8664, ppc and ppc64; The personality trick published by Tavis Ormandy and Julien Tinnes; The TOC pointer workaround for data items addressing on ppc64 i.e. functions on exploit code and libc can be...
[PDFMiner] Python PDF parser and analyzer
PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF...
Autodesk SoftImage Scene TOC文件处理远程代码执行漏洞
BUGTRAQ ID: 36637 CVE ID: CVE-2009-3576 Autodesk Softimage是用于生成3D图形、3D模型和动画的图形应用程序。 Softimage默认会保持带有场景内容树的场景目录(.scntoc)文件。场景目录文件是包含有场景信息的XML文件,Softimage会查找相关的场景目录文件并应用其中的信息。用户可以编辑特制的.scntoc文件,加载了该文件后无需用户干涉就可以自动执行脚本。 Autodesk SoftImage XSI 6.x Autodesk SoftImage 7.x 临时解决方法: 通过以下步骤禁止自动读取SCTOC脚本:...