
14 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - Firefox vulnerability

Search queries in the default search engine might appear to be the currently navigated URL, provided that the search query itself is a properly formed URL. This could lead to a site spoofing another site, if it was maliciously set as the default search engine. This vulnerability affects Firefox...

CVSS 3.1 | AI score 6.1 | EPSS 0.00209
Exploits 0 | References 2

Snyk
added 2026/04/22 8:19 p.m. | 5 views

XML Injection

Overview: org.webjars.npm:xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection in the serialization of DocumentType nodes when attacker-controlled values are provided to the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2

Snyk
added 2026/04/22 8:17 p.m. | 3 views

XML Injection

Overview: @xmldom/xmldom is a JavaScript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom. Affected versions of this package are vulnerable to XML Injection vi...

CVSS 8.7 | AI score 5.7 | EPSS 0.00022
Exploits 0 | References 2

Snyk
added 2026/04/22 8:17 p.m. | 6 views

XML Injection

Overview: org.webjars.npm:xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the createProcessingInstruction function. An attacker can inject arbitrary XML nodes into the...

CVSS 8.7 | AI score 5.7 | EPSS 0.00022
Exploits 0 | References 2

Snyk
added 2026/04/22 8:17 p.m. | 3 views

XML Injection

Overview: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the createProcessingInstruction function. An attacker can inject arbitrary XML nodes into the serialized output...

CVSS 8.7 | AI score 5.7 | EPSS 0.00022
Exploits 0 | References 2

Tenable Nessus
added 2023/11/06 12:00 a.m. | 28 views

Rocky Linux 8 : subversion:1.10 (RLSA-2020:4712)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:4712 advisory. - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request...

CVSS 6.5 | AI score 7 | EPSS 0.01167
Exploits 0 | References 3

RedhatCVE
added 2022/11/14 3:56 a.m. | 41 views

CVE-2022-39353

A flaw was found in the xmldom package. The xmldom parses XML that is not well-formed because it contains multiple top-level elements, adding all root nodes to the childNodes collection of the Document without reporting errors or throwing. This breaks the assumption that there is only a single ro...

CVSS 9.8 | AI score 3.7 | EPSS 0.04646
Exploits 2 | References 4

Oracle Linux
added 2020/11/10 12:00 a.m. | 33 views

libreoffice security, bug fix, and enhancement update

libcmis 0.5.2-1 - Related: rhbz1796893 update to 0.5.2 liborcus 0.14.1-1 - Related: rhbz1796893 update to 0.14.1 libreoffice 6.3.6.2-3.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure...

CVSS 6.5 | AI score 1.1 | EPSS 0.00459
Exploits 0

NVD
added 2019/09/26 4:15 p.m. | 15 views

CVE-2018-11782

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

CVSS 6.5 | AI score 6.8 | EPSS 0.01167
Exploits 0 | References 1

Fedora
added 2018/09/30 11:27 p.m. | 39 views

[SECURITY] Fedora 29 Update: elfutils-0.174-1.fc29

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, elflint to check for well-formed ELF file...

CVSS 9.8 | AI score 1.3 | EPSS 0.01961
Exploits 2

OpenVAS
added 2015/07/30 12:00 a.m. | 30 views

Debian Security Advisory DSA 3321-1 (xmltooling - security update)

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service crash via crafted XML data. OpenVAS Vulnerability Test...

CVSS 5 | AI score 7.3 | EPSS 0.00624
Exploits 0 | References 1

CNVD
added 2015/04/16 12:00 a.m. | 1 view

GNU less 'is_utf8_well_formed()' remote buffer overflow vulnerability

GNU less is a more-like program from GNU, a free software engineering project. GNU less has a remote buffer overflow vulnerability in 'is_utf8_well_formed()' that allows remote attackers to crash an application...

CVSS 10 | AI score 7.4 | EPSS 0.02325
Exploits 0 | References 1

Fedora
added 2014/04/18 3:37 p.m. | 24 views

[SECURITY] Fedora 20 Update: elfutils-0.158-3.fc20

Elfutils is a collection of utilities, including ld a linker, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, and elflint to check for well-formed ELF files...

CVSS 6.8 | AI score 1.5 | EPSS 0.01832
Exploits 0

OpenVAS
added 2009/09/02 12:00 a.m. | 36 views

Debian Security Advisory DSA 1833-2 (dhcp3)

The remote host is missing an update to dhcp3 announced via advisory DSA 1833-2. OpenVAS Vulnerability Test $Id: deb18332.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1833-2 dhcp3 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 10 | AI score 0.9 | EPSS 0.28133
Exploits 10