223 matches found
02strich-markdown (>=1.0.0 <=1.0.2), 10secondsofcode-custom (=1.0.0) +11511 more potentially affected by CVE-2020-7753 via trim (=0.0.1)
trim NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on trim and may be impacted: - 02strich-markdown =1.0.0, =1.0.0, =0.0.2, =0.0.1, =4.11.0, =0.1.0, =0.0.2, =0.2.0, =1.0.16, =1.2.0, =1.2.2 and more Source cves: CVE-2020-7753 Source...
Regular Expression Denial of Service (ReDoS)
Overview: trim is a Trim string whitespace. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim method. PoC by Liyuan Chen (js): var trim = require("trim") function buildattack(n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } v...
DRUPAL-CONTRIB-2019-092
The Smart Trim module allows site builders additional control with text summary fields. The module doesn't sufficiently filter text when certain options are selected. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when...
Smart Trim - Moderately critical - Cross site scripting - SA-CONTRIB-2019-092
The Smart Trim module allows site builders additional control with text summary fields. The module doesn't sufficiently filter text when certain options are selected. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when...
UBUNTU-CVE-2018-9543
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...
UBUNTU-CVE-2018-14722
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, thou...
libConfuse Buffer Overflow Vulnerability
libConfuse is a configuration file parser library written in C. It can be used for a variety of purposes. An out-of-bounds read vulnerability exists in the trim_whitespace function of the lexer.l file in libConfuse version 3.2.1. A remote attacker can exploit this vulnerability to cause a denial of service...
UBUNTU-CVE-2018-14447
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read...
ALPINE-CVE-2018-14447
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read...
Fast C++ CSV Parser Buffer Error Vulnerability
Fast C++ CSV Parser (a.k.a. fast-cpp-csv-parser) is a parser written in C++ for reading comma-separated value (CSV) files. A heap buffer overflow vulnerability exists in the 'io::trim_chars' function of the csv.h file in Fast C++ CSV Parser versions prior to 2018-07-06. An attacker can exploit this...
Chrome V8 KeyAccumulator Bug
Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of the result array of "Reflect.ownKeysarr". 2. The shift method invokes the...
DEBIAN-CVE-2018-13421
Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h...
UBUNTU-CVE-2018-13421
Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h...
TRIM and PVS: vDisks may Reduce in Size after a Merged Base
After performing a Merged Base operation on a vDisk that is utilizing the VHDX file format, the resultant merged base VHDX file may be smaller than the original base VHDX file. For example, this behavior might occur in situations where files are deleted in a particular vDisk version, and these...
easy-trim.co.uk XSS vulnerability
Vulnerable URL: http://www.easy-trim.co.uk/search.php?s=%27%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 5858250; VIP website status: No; Coordinated...
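destoon WAF bypass vulnerability (2)
Brief description: stripsql is destoon's main security defense function. It mainly defends against injection vulnerabilities in most cases. If this function can be bypassed, it leads to injection vulnerabilities in multiple places. Detailed description: the stripsql function is located in \include\safe.func.php, line 38 function stripsql$string, $type = 1 $match =...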
Oracle: Security Advisory (ELSA-2013-1645)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Drupal Smart Trim module cross-site scripting vulnerability (CNVD-2015-05695)
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Smart Trim is one of the text field formatting modules. A cross-site scripting vulnerability exists in the Drupal Smart Trim module in versions 7.x-1.5 prior to 7.x-1.x. A remote attack...
CVE-2015-5489
Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form...