23145 matches found
[SECURITY] Fedora 42 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc42
A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and...
HDF5 安全漏洞
HDF5 Hierarchical Data Format version 5 is an open source library and file format for storing and organizing large amounts of data. A buffer overflow vulnerability exists in the HDF5 H5FSsinfoserializesectcb function. The vulnerability stems from the function failing to properly check buffer...
Advanced XSS Exploitation - How to Create Keylogger and Get Password
In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to create keyloggers and send the content typed by the client to an external server, where the attacker will have access to messages, passwords, etc. The paper is primarily focusing on a...
HDF5 安全漏洞
HDF5 is a library of HDF open source . HDF5 has a buffer overflow vulnerability , the vulnerability stems from the H5Faddrencodelen function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...
HDF5 资源管理错误漏洞
HDF5 Hierarchical Data Format version 5 is an open source library and file format for storing and organizing large amounts of data. The HDF5 H5FLblkgclist function releases a post heap usage vulnerability that can be exploited by an attacker to cause out-of-bounds reads and potentially crash an...
HDF5 安全漏洞
HDF5 is an HDF open source library. A security vulnerability exists in HDF5 1.14.6 and earlier versions, which stems from a heap buffer overflow in the H5Omsgflush function and requires local access...
HDF5 安全漏洞
HDF5 is a library of HDF open source . HDF5 has a double release vulnerability, which originates from the double release of the parameter mem of the function H5MMrealloc in the file src/H5MM.c. There are no detailed vulnerability details provided...
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...
SUSE CVE-2025-27834
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdffunc.c...
HDF5 H5T__bit_copy function buffer overflow vulnerability
HDF5 is a library of HDF open source . HDF5 has a buffer overflow vulnerability , the vulnerability stems from the H5Tbitcopy function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...
HDF5 H5MM_strndup function buffer overflow vulnerability
HDF5 is a library of HDF open source . HDF5 has a buffer overflow vulnerability , the vulnerability stems from the H5MMstrndup function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...
libming 缓冲区错误漏洞
libming is an open source Flash SWF output library written in C by Ming. A security vulnerability exists in libming version 0.4.8, which stems from a segmentation error in the decompileRETURN function that could lead to a denial of service...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2018-17336 DESCRIPTION: UDisks could allow a local attacker to obtain sensitive information, caused by a format string vulnerability in udiskslog in udiskslogging.c. By using a...
UBUNTU-CVE-2025-27834
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdffunc.c...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
...
Inaba Denki Sangyo CHOCO TEI WATCHER mini 安全漏洞
Inaba Denki Sangyo CHOCO TEI WATCHER mini is a series of surveillance cameras from Inaba Denki Sangyo. A security vulnerability exists in Inaba Denki Sangyo CHOCO TEI WATCHER mini that originates from storing passwords in a recoverable format, which could lead to an attacker obtaining a user's...
Artifex Ghostscript 安全漏洞
Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Formatting PDL. A security vulnerability exists in Artifex Ghostscript versions prior to 10.05.0, which is caused by an oversized Type 4...
PT-2025-34320
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: A flaw exists in the parsing of PRC files due to insufficient validation of user-supplied data, leading to a read past the end of an allocated buffer. An attacker can leverage this...
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...