4 matches found
GHSA-99F9-J8R3-P853 Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)
Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...
liboqs 缓冲区错误漏洞
Liboqs is an open-source project under Open Quantum Safe, which is an open-source C library for quantum secure encryption algorithms. Versions of Liboqs prior to 0.16.0 contained a buffer error vulnerability. This vulnerability stems from out-of-bounds reads in the XMSS and XMSS^MT state signatur...
liboqs 缓冲区错误漏洞
Liboqs is an open-source project under Open Quantum Safe, which is an open-source C library for quantum secure encryption algorithms. Versions of Liboqs prior to 0.16.0 contained a buffer error vulnerability. This vulnerability stems from the XMSS and XMSS^MT state signature verification code. Wh...
PT-2023-21712 · Unknown · Svg-Sanitizer
Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.16.0 Description: A bypass has been found in the savg-sanitizer library that allows an attacker to upload an SVG with persistent cross-site scripting. The issue arises from incorrect sanitization of HTML...