
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.

A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when given input containing specially-crafted HTML fragments. This might allow mounting a code injection attack against a browser consuming the sanitized output.

Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML sanitization bypass vulnerability when using the "relaxed" config or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the allowlist.

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks, access sensitive information, or execute arbitrary code.

The update for python-lxml released as 4810-1 introduced a regression when running under Python 2. Updated python-lxml packages are now available to correct this issue.

The update for minidlna released as DSA 4806-1 introduced a regression when purging the package. Updated minidlna packages are now available to correct this issue.

The update for python-apt released as DSA 4809-1 introduced a regression when passing a file descriptor to apt_inst.ArFile or apt_inst.DebFile causing a segmentation fault. Updated python-apt packages are now available to correct this issue.

The update for libgstreamer-plugins-bad1.0-dev released as DSA 4833-1 chose a package version incompatible with binNMUs and prevented upgrades to the fixed packages. Updated libgstreamer-plugins-bad1.0-dev packages are now available to correct this issue.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.


© SecPod Technologies