Han Zheng discovered an out-of-bounds write in w3m, a text-based web browser and pager. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service (DoS) or…
An auto-block can occur for an untrusted X-Forwarded-For header in MediaWiki, a website engine for collaborative work. X-Forwarded-For is not necessarily trustworthy and can specify multiple IP…
Several vulnerabilities have been found in qt4-x11, a graphical windowing toolkit. CVE-2021-3481…
Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially allowing an attacker to crash the server, disclose information or carry out Cross-Site-Scripting attacks.…
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities. CVE-2022-40982…
LXC is a Linux Containers userspace tool set. Maher Azzouzi reported that the lxc-user-nic command, included in LXC, allowed unprivileged users to infer whether any file exists, even in protected directory trees.…
It was discovered that Flask, a lightweight WSGI web application framework, will under certain conditions cache a response containing data intended for one client and subsequently may send the response to other clients.…
It was discovered that UnRAR, an unarchiver for rar files, allows extraction of files outside of the destination folder via symlink chains. For Debian 10 buster, this problem has been fixed in version…
The RAR archiver allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.…
It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary…
open-vm-tools is a package that provides Open VMware Tools for virtual machines hosted on VMware. It was discovered that Open VM Tools incorrectly handled certain…
Two vulnerabilities were discovered in openssl, a Secure Sockets Layer toolkit: CVE-2023-3446, CVE-2023-3817…
datatables.js is a jQuery plug-in that makes nice tables from different data sources. It was discovered that if an array is passed to the HTML escape entities…
Two vulnerabilities have been fixed in poppler, a PDF rendering library. CVE-2020-36023…
Another regression was identified in Netatalk, the Apple Filing Protocol service, introduced with the patch for CVE-2022-23123. It is impacting a subset of users that have certain metadata in their shared files. The issue leads to an unavoidable crash and…
SoX is a command-line utility that can convert various formats of computer audio files into other formats. It can also apply various effects to these sound files during the conversion.…
LibreOffice, an office productivity suite, was affected by multiple vulnerabilities. CVE-2022-3874…