Lucene search
K

87 matches found

Prion
Prion
added 2020/11/02 7:15 a.m.24 views

Design/Logic Flaw

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

4.6CVSS7.7AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/11/02 6:21 a.m.23 views

CVE-2020-3684

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

7.8AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2020/11/02 6:21 a.m.57 views

CVE-2020-3684

CVE-2020-3684 describes a local, privilege-relevant issue in Qualcomm Snapdragon platforms where QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by the XBL Loader and applies them without validation. This affects a wide range of Snapdragon p...

7.8CVSS7.7AI score0.00217EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/09/01 9:26 p.m.5 views

@aconex/styleguide (>=2.0.1 <=2.2.0), alinex-report (>=1.0.2 <=1.3.14) potentially affected by unknown CVE via markdown-it-toc-and-anchor (>=2.0.0 <=4.1.2)

markdown-it-toc-and-anchor NPM version =2.0.0, =2.0.1, =1.0.2, =1.3.14 Source cves: unknown CVE Source advisory: OSV:GHSA-X6M6-5HRF-FH6R...

5.8AI score
Exploits0
OSV
OSV
added 2020/09/01 9:26 p.m.13 views

GHSA-X6M6-5HRF-FH6R Denial of Service in markdown-it-toc-and-anchor

All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

7.5CVSS7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/09/01 9:26 p.m.51 views

Denial of Service in markdown-it-toc-and-anchor

All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

4.5AI score
Exploits0References4Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/04/15 7:21 a.m.124 views

Tic Toc Pwned

We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That’s the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch...

7AI score
Exploits0
Atlassian
Atlassian
added 2019/03/29 2:29 p.m.22 views

Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust

h3. Issue Summary Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.21 views

Fedora 29 : python-markdown2 (2018-6a8028084d)

python-markdown2 2.3.6 - pull 282 Add TOC depth option - pull 283 Fix to add TOC html to output via CLI - pull 284 Do not remove anchors in safemode - pull 288 fixing cuddled-lists with a single list item - pull 292 Fix Wrong rendering of last list element - pull 295 link-patterns fix - pull 300...

6.1CVSS6.1AI score0.00812EPSS
Exploits0References2
Node.js
Node.js
added 2018/12/18 8:9 p.m.17 views

Denial of Service

Overview All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter and infinite loop. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

6.8AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/10/11 12:0 a.m.18 views

Fedora 27 : python-markdown2 (2018-e52160d0bc)

python-markdown2 2.3.6 - pull 282 Add TOC depth option - pull 283 Fix to add TOC html to output via CLI - pull 284 Do not remove anchors in safemode - pull 288 fixing cuddled-lists with a single list item - pull 292 Fix Wrong rendering of last list element - pull 295 link-patterns fix - pull 300...

6.1CVSS6.1AI score0.00812EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2018/07/05 8:40 a.m.12 views

toc.si XSS vulnerability

Open Bug Bounty ID: OBB-640677 Description| Value ---|--- Affected Website:| toc.si Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Oracle linux
Oracle linux
added 2018/04/16 12:0 a.m.87 views

gcc security, bug fix, and enhancement update

4.8.5-28.0.1 - Orabug: 27557686 Egeyar Bagcioglu - Introduce 'oraclerelease' into .spec file. Echo it to gcc/DEV-PHASE. 4.8.5-28 - Minor testsuite fixes to clean up test results 1469697 - retpoline support for spectre mitigation 1535655 4.8.5-27 - bump for rebuild with RELRO enabled even for...

4CVSS1AI score0.00442EPSS
Exploits0
NVD
NVD
added 2016/01/08 7:59 p.m.17 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS3.8AI score0.00394EPSS
Exploits0References7
OSV
OSV
added 2016/01/08 7:59 p.m.2 views

DEBIAN-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS4.1AI score0.00394EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2016/01/08 7:59 p.m.28 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS5.9AI score0.00394EPSS
Exploits0References2
OSV
OSV
added 2016/01/08 7:59 p.m.5 views

UBUNTU-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS5.8AI score0.00394EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (3)

No description provided by source. This third version features: Complete support for i386, x8664, ppc and ppc64; The personality trick published by Tavis Ormandy and Julien Tinnes; The TOC pointer workaround for data items addressing on ppc64 i.e. functions on exploit code and libc can be...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/12/23 3:57 p.m.38 views

[PDFMiner] Python PDF parser and analyzer

PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2009/11/24 12:0 a.m.27 views

Autodesk SoftImage Scene TOC文件处理远程代码执行漏洞

BUGTRAQ ID: 36637 CVE ID: CVE-2009-3576 Autodesk Softimage是用于生成3D图形、3D模型和动画的图形应用程序。 Softimage默认会保持带有场景内容树的场景目录(.scntoc)文件。场景目录文件是包含有场景信息的XML文件,Softimage会查找相关的场景目录文件并应用其中的信息。用户可以编辑特制的.scntoc文件,加载了该文件后无需用户干涉就可以自动执行脚本。 Autodesk SoftImage XSI 6.x Autodesk SoftImage 7.x 临时解决方法: 通过以下步骤禁止自动读取SCTOC脚本:...

9.3CVSS6.4AI score0.0316EPSS
Exploits7
Rows per page
Query Builder