105 matches found

OSV · added 2024/05/03 5:15 p.m. · 3 views

PYSEC-2024-280

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machdreader.c component...

CVSS 3.9 · AI score 5.8 · EPSS 0.00099
Exploits 1 · References 4

OSV · added 2024/04/09 3:11 p.m. · 0 views

GHSA-HW42-3568-WJ87 google-oauth-java-client improperly verifies cryptographic signature

Summary: The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims (e.g., iss, aud, etc.). Signature verification makes sure that the token's payload comes from a valid provider, not from someone...

CVSS 7.3 · AI score 6.8 · EPSS 0.00055
Exploits 0 · References 5

OSV · added 2024/03/16 1:15 a.m. · 3 views

CVE-2023-51510

Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs. This issue affects Export Media URLs: from n/a through 1.0...

CVSS 8.8 · AI score 7.3 · EPSS 0.0007
Exploits 0 · References 1

OSV · added 2024/02/29 1:42 a.m. · 1 views

UBUNTU-CVE-2023-50658

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 7.5 · AI score 5.8 · EPSS 0.00093
Exploits 0 · References 5

Vulners OSV · added 2023/10/02 11:27 p.m. · 1 views

aaronblaser-sdk (>=1.0.0 <=1.0.1), actoolkit (>=2.6.4 <=2.6.10) +272 more potentially affected by CVE-2023-43804 via urllib3 (>=2.0.0 <=2.0.5)

urllib3 PyPI version =2.0.0, =1.0.0, =2.6.4, =0.0.1, =0.1.1, =0.5.0, =0.1.23, =0.4.3, =0.4.1, =0.0.12, =0.0.14 and more. Source CVEs: CVE-2023-43804. Source advisory: OSV:GHSA-V845-JXX5-VC9F...

CVSS 8.1 · AI score 6.7 · EPSS 0.0095
Exploits 0

OSV · added 2023/05/29 12:15 a.m. · 7 views

CVE-2023-31874

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

CVSS 8.8 · AI score 6 · EPSS 0.06388
Exploits 3 · References 1

SUSE CVE · added 2023/02/15 3:23 a.m. · 2 views

SUSE CVE-2022-39046

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...

CVSS 7.5 · AI score 6.9 · EPSS 0.00685
Exploits 3 · References 4

CNNVD · added 2023/01/16 12:00 a.m. · 1 views

LiftKit database library SQL injection vulnerability

LiftKit database library is an open-source database library from LiftKit. LiftKit database library versions before 2.13.2 contain a SQL injection vulnerability that stems from the processOrderBy function in the file src/Query/Query.php, resulting in SQL injection...

CVSS 9.8 · AI score 6.5 · EPSS 0.00353
Exploits 0 · References 5

ATTACKERKB · added 2022/09/12 9:15 p.m. · 2 views

CVE-2022-38291

SLiMS (Senayan Library Management System) v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar...

CVSS 6.1 · AI score 5.9 · EPSS 0.0023
Exploits 1 · References 2

Prion · added 2022/09/07 10:15 p.m. · 15 views

Default credentials

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c (PBES2 Count), which determine...

CVSS 5 · AI score 5.5 · EPSS 0.00137
Exploits 1 · References 3 · Affected software 1

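The jose2go entry (UBUNTU-CVE-2023-50658) and this JOSE entry describe the same failure mode: a JWE recipient runs PBKDF2 with whatever p2c the sender put in the protected header, so an attacker sets it to a huge value and burns the recipient's CPU. The block below is an added example, not code from jose2go or the JOSE project; it bounds p2c before deriving the key. The cap of 10000 iterations, the sample password and the 16-byte salt are assumptions chosen for the example; RFC 7518 section 4.8.1.2 sets 1000 as the minimum and leaves the upper bound to the implementation.

```python
"""Added example (not jose2go or JOSE code): bound the PBES2 p2c iteration
count of a JWE protected header before running PBKDF2."""
import base64
import hashlib
import json

MIN_P2C = 1000
MAX_P2C = 10_000  # assumption: a per-deployment cap, not a value from the JOSE specs

# alg -> (PRF hash, derived key-encryption-key length in bytes), RFC 7518 section 4.8
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


class RejectedHeader(ValueError):
    """Raised for any header the recipient refuses to spend CPU on."""


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def derive_pbes2_key(protected_header: str, password: bytes, max_p2c: int = MAX_P2C) -> bytes:
    """Parse the protected header, validate alg, p2c and p2s, then derive the KEK."""
    header = json.loads(_b64url_decode(protected_header))
    if not isinstance(header, dict):
        raise RejectedHeader("protected header must be a JSON object")
    alg = header.get("alg")
    if alg not in PBES2_ALGS:
        raise RejectedHeader(f"unsupported alg {alg!r}")
    p2c = header.get("p2c")
    # bool is an int subclass in Python; exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise RejectedHeader("p2c must be an integer")
    if not MIN_P2C <= p2c <= max_p2c:
        # This is the check the affected libraries lacked: an attacker-chosen
        # p2c such as 2**31 turns a single unwrap into minutes of PBKDF2.
        raise RejectedHeader(f"p2c {p2c} outside [{MIN_P2C}, {max_p2c}]")
    p2s = _b64url_decode(header.get("p2s", ""))
    if len(p2s) < 8:
        raise RejectedHeader("p2s must be at least 8 bytes")
    prf, key_len = PBES2_ALGS[alg]
    # RFC 7518 section 4.8.1.1: salt = UTF8(alg) || 0x00 || p2s
    salt = alg.encode("ascii") + b"\x00" + p2s
    return hashlib.pbkdf2_hmac(prf, password, salt, p2c, key_len)


def make_protected_header(alg: str, p2c, p2s: bytes = b"\x00" * 16) -> str:
    """Build a JWE protected header as a sender (or an attacker) would."""
    header = {"alg": alg, "enc": "A128GCM", "p2c": p2c, "p2s": _b64url_encode(p2s)}
    return _b64url_encode(json.dumps(header).encode("ascii"))


if __name__ == "__main__":
    ok = make_protected_header("PBES2-HS256+A128KW", 2000)
    print("accepted, KEK =", derive_pbes2_key(ok, b"correct horse battery staple").hex())
    try:
        derive_pbes2_key(make_protected_header("PBES2-HS256+A128KW", 2**31), b"pw")
    except RejectedHeader as exc:
        print("rejected:", exc)
```

Reject before you compute: the validation runs entirely on the parsed header, so a hostile p2c costs one integer comparison instead of billions of HMAC rounds. Pinning the alg to the three PBES2 identifiers also keeps a sender from switching the recipient to an unrelated key-management mode.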
ATTACKERKB · added 2022/05/04 6:15 p.m. · 2 views

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element...

CVSS 6.1 · AI score 6.4 · EPSS 0.00441
Exploits 0 · References 3

Positive Technologies · added 2022/05/03 12:00 a.m. · 3 views

PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1

Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3. Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...

CVSS 8.7 · AI score 7.8 · EPSS 0.00055
Exploits 0 · References 23

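The GHSA-HW42-3568-WJ87 entry above and this PT-2022-3561 entry describe the same bug in google-oauth-java-client: claims were checked without the signature ever being verified, so any party able to write JSON could mint a token with the right iss and aud. The block below is an added example, not code from google-oauth-java-client or Google; it shows the vulnerable order beside the safe one. HS256 with a shared secret stands in for the RS256 plus JWKS check a real OpenID provider would use, and the issuer, audience, secret and clock values are constructed for this example.

```python
"""Added example (not google-oauth-java-client code): authenticate an ID token
before trusting any of its claims. HS256 is a stand-in for the provider's
RS256/JWKS signature; issuer, audience, keys and times are constructed."""
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT; stands in for the identity provider's signing step."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode("ascii"))
    payload = _b64url_encode(json.dumps(claims).encode("utf-8"))
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def check_claims(claims: dict, issuer: str, audience: str, now: int) -> bool:
    """The claim checks on their own: iss, aud and exp."""
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    exp = claims.get("exp")
    return claims.get("iss") == issuer and audience in aud_list \
        and isinstance(exp, int) and not isinstance(exp, bool) and exp > now


def verify_claims_only(token: str, issuer: str, audience: str, now: int) -> bool:
    """The vulnerable order: the payload is decoded and its claims checked,
    but the signature is never examined."""
    _, payload, _ = token.split(".")
    return check_claims(json.loads(_b64url_decode(payload)), issuer, audience, now)


def verify_id_token(token: str, key: bytes, issuer: str, audience: str, now: int) -> Optional[dict]:
    """Safe order: pin the algorithm, verify the signature, only then read claims.
    Returns the claims on success and None on any failure."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Never let the token choose its own algorithm ("none", key confusion).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers json and base64 decoding errors and bad splits
        return None
    if not isinstance(claims, dict):
        return None
    return claims if check_claims(claims, issuer, audience, now) else None


def demo() -> dict:
    """Constructed scenario: a forged token carrying the right iss/aud but an
    attacker-chosen signature, beside a genuine one from the provider."""
    issuer, audience, now = "https://accounts.example", "client-123", 1_700_000_000
    provider_key = b"provider-signing-secret"
    forged = sign_jwt({"iss": issuer, "aud": audience, "sub": "victim", "exp": now + 3600},
                      b"attacker-picked-key")
    genuine = sign_jwt({"iss": issuer, "aud": audience, "sub": "alice", "exp": now + 3600},
                       provider_key)
    return {
        "forged_passes_claims_only": verify_claims_only(forged, issuer, audience, now),
        "forged_passes_full_verify": verify_id_token(forged, provider_key, issuer, audience, now) is not None,
        "genuine_passes_full_verify": verify_id_token(genuine, provider_key, issuer, audience, now) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The ordering is the whole point: iss and aud only mean something once the signature has proven the provider wrote them. With a real provider, replace the HS256 step with an RS256 check against the key selected by the header's kid from the provider's JWKS, and still pin the expected algorithm rather than reading it from the token.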
OSV · added 2021/11/10 3:15 p.m. · 1 views

DEBIAN-CVE-2021-43523

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...

CVSS 9.6 · AI score 8.2 · EPSS 0.0239
Exploits 1 · References 1

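The uClibc entry turns on a resolver passing through whatever characters a DNS server returns. Applications that consume resolver output can defend themselves regardless of libc by refusing any name that is not a syntactically valid hostname. The block below is an added example, not uClibc or uClibc-ng code; the sample resolver answers are constructed, and the rules applied are RFC 1123 host-label rules (letters, digits and hyphen only, no leading or trailing hyphen, 1-63 bytes per label, 253 bytes in total), which let punycode (xn--) labels through.

```python
"""Added example (not uClibc code): validate hostnames that come back from a
resolver before they reach logs, shell commands, HTML or a trust decision.
Sample answers below are constructed for this example."""
import re
from typing import List, Tuple

# One RFC 1123 label: LDH characters, no leading or trailing hyphen, 1-63 bytes.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_safe_hostname(name: str) -> bool:
    """True only for a syntactically valid hostname; anything with NUL, '<',
    whitespace, an empty label or an overlong label is refused."""
    if not name or len(name) > 253:
        return False
    name = name.rstrip(".")  # a single trailing dot marks a fully qualified name
    if not name:
        return False
    return all(_LABEL.fullmatch(label) is not None for label in name.split("."))


def filter_resolver_answers(answers: List[str]) -> Tuple[List[str], List[str]]:
    """Split resolver output into names that may be used and names to quarantine."""
    accepted, rejected = [], []
    for name in answers:
        (accepted if is_safe_hostname(name) else rejected).append(name)
    return accepted, rejected


# Constructed sample: what a hostile DNS server might hand back for PTR/CNAME lookups.
SAMPLE_ANSWERS = [
    "www.example.com",
    "xn--bcher-kva.example",
    "host-1.internal.example.com.",
    "<script>alert(1)</script>.example.com",
    "evil.example.com\x00.trusted.example",
    "a b.example.com",
    "-bad.example.com",
    "x" * 64 + ".example.com",
]

if __name__ == "__main__":
    ok, quarantined = filter_resolver_answers(SAMPLE_ANSWERS)
    print("accepted:", ok)
    print("rejected:", [repr(n) for n in quarantined])
```

Whitelisting the character set is deliberately stricter than escaping for one output context: a name that passes here is safe to log, to place in a command line and to compare against an expected domain, whereas escaping would have to be repeated correctly at every sink.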
Prion · added 2021/09/07 10:15 p.m. · 15 views

Server side request forgery (ssrf)

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

CVSS 10 · AI score 9.3 · EPSS 0.02254
Exploits 0 · References 4 · Affected software 1

OSV · added 2021/09/07 8:45 a.m. · 5 views

SUSE-SU-2021:2971-1 Security update for ntfs-3g_ntfsprogs

This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): Fixed compile error when building with libfuse vs; Allowed using the full library API on systems without extended attributes support; Fixed DISABLE_PLUGINS as the condition for not using plugins...

CVSS 7.8 · AI score 6.4 · EPSS 0.00162
Exploits 0 · References 23

OSV · added 2021/06/18 10:15 p.m. · 2 views

CVE-2021-31661

RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information...

CVSS 7.5 · AI score 5.9
Exploits 0 · References 2

OSV · added 2021/06/16 6:15 p.m. · 1 views

UBUNTU-CVE-2021-34813

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...

CVSS 9.8 · AI score 8.1 · EPSS 0.04458
Exploits 1 · References 6

Positive Technologies · added 2021/05/21 12:00 a.m. · 3 views

PT-2021-5558 · Gnu +7 · Glibc +7

Name of the Vulnerable Software and Affected Versions: glibc versions 2.32 and 2.33. Description: The issue is related to the mq_notify function in the GNU C Library, which has a use-after-free problem. This occurs when the function uses the notification thread attributes object, passed through it...

CVSS 10 · AI score 7.7 · EPSS 0.41417
Exploits 40 · References 166

Positive Technologies · added 2021/01/12 12:00 a.m. · 1 views

PT-2021-7599 · Cgal +1 · Cgal Libcgal +1

Name of the Vulnerable Software and Affected Versions: CGAL libcgal version 5.1.1. Description: The issue is related to multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal. A specially crafted malformed file can lead to an out-of-bounds read and type...

CVSS 10 · AI score 9.8 · EPSS 0.04334
Exploits 42 · References 111

CNNVD · added 2021/01/11 12:00 a.m. · 2 views

Live Networks Liblivemedia Buffer Error Vulnerability

Live Networks Liblivemedia is a C++-based codebase for RTP/RTCP, RTSP, SIP and other protocols from Live Networks, Inc. The library supports POSIX-compliant operating systems and can be used to transmit, receive and process MPEG, H.265, H.264, H.263+, DV or JPEG video and build basic RTSP or SIP...

CVSS 9.8 · AI score 7.4 · EPSS 0.00549
Exploits 1 · References 3