Lucene search
K

46 matches found

Github Security Blog
Github Security Blog
added 2024/01/11 3:20 p.m.100 views

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys as opposed to only values as user input, and renders these in pages that other user...

6.1CVSS6.9AI score0.00892EPSS
Exploits0References10Affected Software1
Amazon
Amazon
added 2022/03/08 12:0 a.m.41 views

Medium: expat

Issue Overview: expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to...

9.8CVSS8.1AI score0.04525EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/01/24 5:32 p.m.70 views

CVE-2022-22827

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

8.8CVSS2.1AI score0.02778EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2018:2814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.0229EPSS
Exploits0References16
Zero Day Initiative
Zero Day Initiative
added 2018/01/18 12:0 a.m.506 views

Wecon LeviStudioU G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

4.6CVSS3.4AI score0.02292EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2018/01/18 12:0 a.m.493 views

Wecon LeviStudioU General FigureFile Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

4.6CVSS3.3AI score0.01139EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2018/01/18 12:0 a.m.502 views

Wecon LeviStudioU MulStatus szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

4.6CVSS3.4AI score0.02292EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.30 views

(0Day) WECON LeviStudio CommSet Port Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.18 views

(0Day) WECON LeviStudio BaseSet ScrIDWordAddr Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.12 views

(0Day) WECON LeviStudio PLC Type Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.16 views

(0Day) WECON LeviStudio BaseSet HMINAME Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.27 views

(0Day) WECON LeviStudio BaseSet PowerEnterTime Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.16 views

(0Day) WECON LeviStudio BaseSet EnterTime Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.27 views

(0Day) WECON LeviStudio BaseSet CurScrIdAddr Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.31 views

(0Day) WECON LeviStudio HmiSet Type Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/06/29 12:0 a.m.31 views

(0Day) WECON LeviStudio HmiSet Style Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.2CVSS7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/05/09 2:4 p.m.7 views

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

5CVSS7.3AI score0.038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/21 2:42 p.m.4 views

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

5CVSS7.3AI score0.038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/21 1:46 p.m.8 views

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

5CVSS7.3AI score0.038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/20 7:34 p.m.57 views

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS6.8AI score0.92334EPSS
Exploits1References7
Rows per page
Query Builder