Nuitka 代码注入漏洞

Nuitka is a Python compiler that freely uses all Python library modules and all extensions. A code injection vulnerability exists in Nuitka before 0.9, which stems from a command injection problem...

OESA-2022-1700 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Ruby vulnerabilities (USN-5462-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5462-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute...

GtkRadiant 1.6.6 Buffer Overflow Exploit

===== Intro ===== GtkRadiant is a cross-platform level editor software for idtech game engines such as Quake. It comes with data authoring tools and a BSP map compiler called q3map2 which parses MAP files. The code has been around for a long time and uses unsafe string copy and format functions. ...

GtkRadiant 1.6.6 Buffer Overflow

===== Intro ===== GtkRadiant is a cross-platform level editor software for idtech game engines such as Quake. It comes with data authoring tools and a BSP map compiler called q3map2 which parses MAP files. The code has been around for a long time and uses unsafe string copy and format functions. ...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when creating HTTPS web requests while building X509 certificate chains. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

GHSA-9F3P-WVJ7-Q82X Cargo prior to Rust 1.26.0 may download the wrong dependency

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

Cargo prior to Rust 1.26.0 may download the wrong dependency

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

Jenkins Splunk Plugin Sandbox Bypass

Jenkins Splunk Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST...

The vulnerability of the Twig template compiler, which exists due to the lack of measures taken to neutralize special elements, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Twig template compiler exists because measures to neutralize special elements are not taken. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information by executing certain PHP...

Malicious code in speedy-ts-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e169a7981c2abffdf7307332d399464dd770067c107f40e8a7c7b6c62fe06e3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6234 Malicious code in speedy-ts-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e169a7981c2abffdf7307332d399464dd770067c107f40e8a7c7b6c62fe06e3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by for example sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKECXXCOMPILER=afl-clang-fast++ option...

PT-2022-20309 · Xpdf +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: xpdf version 4.04 Description: The issue arises when xpdf allocates excessive memory in response to crafted input. This can be triggered by sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE CX...

com.bugvm:bugvm-compiler (>=1.0.0 <=1.1.5), com.carrotsearch.randomizedtesting:ant-junit4 (>=0.0.3 <=0.0.4) +58 more potentially affected by CVE-2017-1000190 via org.simpleframework:simple-xml (>=2.1.3 <=2.7)

org.simpleframework:simple-xml MAVEN version =2.1.3, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.22, =2.3.1-ios11, =1.0.2, =1.0.1, =1.1.0.1 and more Source cves: CVE-2017-1000190 Source advisory: OSV:GHSA-F5QF-VH69-9Q4R...

GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

GHSA-XFWJ-2F34-32F5 Jenkins Groovy Plugin sandbox bypass vulnerability

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...

rust-toolset:rhel8 security, bug fix, and enhancement update

An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust Toolset provides the Rust programming language compiler rustc...

llvm-toolset:rhel8 bug fix and enhancement update

An update is available for compiler-rt, lldb, lld, llvm, llvm-toolset, clang, libomp, python-lit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed...

NewStart CGSL CORE 5.05 / MAIN 5.05 : dhcp Vulnerability (NS-SA-2022-0027)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dhcp packages installed that are affected by a vulnerability: - In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP i.e., releases in the 4.0.x series or lower and releases in the 4.3.x...