Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery. For Debian 10 buster, this problem has been fixed in version…
Multiple vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash or information leak.…
Several security vulnerabilities have been addressed in WordPress, a popular content management framework. WordPress Core is vulnerable to Directory Traversal via the 'wp_lang'…
An issue has been found in libfastjson, a fast json library for C. Due to missing checks, out-of-bounds write might happen when parsing large JSON files.…
Erik Krogh Kristensen and Rasmus Petersen from the GitHub Security Lab discovered a ReDoS (Regular Expression Denial of Service) vulnerability in python-mechanize, a library to automate interaction with websites modeled after the Perl module WWW::Mechanize, which could lead to…
libxpm is a library handling the X PixMap image format (so-called xpm files). xpm files are an extension of the monochrome X BitMap format specified in the X protocol, and are commonly used in traditional X applications.…
Niels Dossche and Tim Düsterhus discovered that PHP's implementation of the SOAP HTTP Digest authentication did not check for failures, which may result in a stack information leak. Furthermore, the code used an insufficient number of random bytes.…
MaraDNS is a small and lightweight cross-platform open-source DNS server. CVE-2022-30256…
Requests, a Python HTTP library, has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior…
Several security vulnerabilities have been discovered in golang-go.crypto, the supplementary Go cryptography libraries. CVE-2019-11840…
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.…
Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows and out-of-bounds reads may lead to a denial-of-service (application crash) or other unspecified impact.…
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version…
Sebastian Krause discovered that manipulated inline images can force PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously crafted PDF file is processed.…
A couple of security issues were discovered in ruby2.5, the Ruby interpreter, and are as follows - CVE-2021-33621…
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2023-0464…
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.…
Two regular expression Denial of Service (ReDoS) issues were discovered in Ruby: the first in the URI component, and the second in the Time module. Each of these issues could have resulted in a dramatic increase in execution time given…
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.…