768 matches found

CNNVD
added 2021/03/03 12:0 a.m., 3 views

Google Chrome security vulnerability

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome URL formatting. An attacker can exploit this vulnerability to bypass security restrictions...

CVSS 4.3, AI score 8.4, EPSS 0.01451
Exploits 0, References 11

Kaspersky
added 2021/03/02 12:0 a.m., 474 views

KLA12106 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A heap buff...

CVSS 8.8, AI score 9.3, EPSS 0.26525
Exploits 25, References 4

BDU FSTEC
added 2021/03/02 12:0 a.m., 7 views

The vulnerability of the order formatting module of the Magento Commerce software platform, which is used for developing and managing online stores, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the order processing module of the Magento Commerce software platform for developing and managing online stores is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized...

CVSS 5.3, AI score 6.3, EPSS 0.03951
Exploits 0, References 3, Affected Software 2

OSV
added 2021/02/01 8:15 p.m., 5 views

AZL-40857 CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.7, EPSS 0.03546
Exploits 1, References 1

OSV
added 2021/02/01 8:15 p.m., 9 views

AZL-75813 CVE-2020-28493 affecting package nodejs24 for versions less than 24.13.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.7, EPSS 0.03546
Exploits 1, References 1

OSV
added 2021/02/01 8:15 p.m., 2 views

ALPINE-CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.9, EPSS 0.03546
Exploits 1, References 1

PyPA
added 2021/02/01 8:15 p.m., 7 views

PYSEC-2021-66

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 8.5, EPSS 0.03546
Exploits 1, References 5, Affected Software 1

Fedora
added 2020/10/31 2:2 a.m., 42 views

[SECURITY] Fedora 31 Update: lout-3.40-18.fc31

Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on...

CVSS 7.8, AI score 1, EPSS 0.01599
Exploits 2

Fedora
added 2020/10/31 2:2 a.m., 36 views

[SECURITY] Fedora 32 Update: lout-3.40-18.fc32

Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on...

CVSS 7.8, AI score 1, EPSS 0.01599
Exploits 2

Fedora
added 2020/10/31 1:55 a.m., 35 views

[SECURITY] Fedora 33 Update: lout-3.40-18.fc33

Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on...

CVSS 7.8, AI score 1, EPSS 0.01599
Exploits 2

OpenVAS
added 2020/10/31 12:0 a.m., 21 views

Fedora: Security Advisory for lout (FEDORA-2020-81c80ff1ed)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

AI score 7.7
Exploits 0, References 2

OpenVAS
added 2020/10/31 12:0 a.m., 20 views

Fedora: Security Advisory for lout (FEDORA-2020-869cd99560)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.8, AI score 7.7, EPSS 0.01599
Exploits 2, References 2

OSV
added 2020/09/19 10:23 p.m., 4 views

OPENSUSE-SU-2020:1478-1 Security update for fossil

This update for fossil fixes the following issues: fossil 2.12.1: CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code (boo#1175760). Security fix in the 'fossil git export' command. New 'safety-net' features were added to prevent...

CVSS 8.8, AI score 9, EPSS 0.03122
Exploits 0, References 4

Fedora
added 2020/08/14 2:43 a.m., 25 views

[SECURITY] Fedora 31 Update: lilypond-2.19.84-3.fc31

LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files...

CVSS 9.8, AI score 2.4, EPSS 0.02371
Exploits 0

BDU FSTEC
added 2020/08/14 12:0 a.m., 3 views

The vulnerabilities of the formatting.php and SanitizeFileName.php components of the WordPress content management system allow attackers to compromise data integrity.

The vulnerability of the formatting.php and SanitizeFileName.php components of the WordPress content management system is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

CVSS 5.4, AI score 6.7, EPSS 0.02092
Exploits 0, References 4, Affected Software 2

BDU FSTEC
added 2020/08/12 12:0 a.m., 3 views

The vulnerability of Google Chrome’s URL formatting mechanism, related to a resource management mechanism error, allows attackers to compromise data integrity.

The vulnerability of Google Chrome’s URL formatting mechanism is related to a bug in the system’s resource management mechanism. Exploiting this vulnerability allows an attacker to compromise data integrity through a specially created domain name...

CVSS 5.3, AI score 7.1, EPSS 0.01539
Exploits 0, References 13, Affected Software 5

BDU FSTEC
added 2020/08/06 12:0 a.m., 7 views

The vulnerability of Google Chrome’s URL formatting mechanism allows a perpetrator to compromise data integrity.

The vulnerability of Google Chrome’s URL formatting mechanism is related to a bug in the system’s resource management mechanism. Exploiting this vulnerability allows an attacker to compromise data integrity through a specially created domain name...

CVSS 7.1, AI score 7.1, EPSS 0.00887
Exploits 0, References 8, Affected Software 4

CVE
added 2020/07/01 4:15 p.m., 58 views

CVE-2020-7688

The CVE-2020-7688 issue affects the npm package mversion. The vulnerability arises because the value of the input field tagName is formatted into a call to exec() without validation, enabling potential command injection. A proof-of-concept demonstrates injecting shell commands via tagName, illus...

CVSS 8.4, AI score 7.8, EPSS 0.0055
Exploits 1, References 3, Affected Software 1

OSV
added 2020/06/18 2:15 p.m., 6 views

CVE-2017-9106

An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun depending on the sizes of the types on...

CVSS 7.5, AI score 9.5
Exploits 0, References 5

OSV
added 2020/06/18 2:15 p.m., 1 views

UBUNTU-CVE-2017-9106

An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun depending on the sizes of the types on...

CVSS 7.5, AI score 7.5, EPSS 0.01876
Exploits 0, References 3