
8231 matches found

vulnersOsv
added 2023/03/28 7:57 p.m. · 6 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2022-36060 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2022-36060 Source advisory: OSV:GHSA-2X9C-QWGF-94XR...

CVSS 8.2 · AI score 6.6 · EPSS 0.00906
Exploits 0
CVE
added 2023/03/28 12:00 a.m. · 53 views

CVE-2022-46397

CVE-2022-46397 affects FP.io VPP (Vector Packet Processor) versions 19.04 through 22.10. The root cause is the generation of a predictable IV when using CBC mode. Impact described in sources points to high confidentiality impact with no explicit effects on integrity...

CVSS 7.5 · AI score 7.5 · EPSS 0.0062
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/03/28 12:00 a.m. · 6 views

CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

AI score 7.6 · EPSS 0.0062
Exploits 0 · References 2
Positive Technologies
added 2023/03/28 12:00 a.m. · 5 views

PT-2023-14929 · Fp.Io · Fp.Io Vpp

Name of the Vulnerable Software and Affected Versions: FP.io VPP Vector Packet Processor versions 19.04 through 22.10 Description: The issue is related to the generation of a predictable IV with CBC mode. This affects a wide range of versions of the FP.io VPP Vector Packet Processor...

CVSS 7.5 · AI score 7.3 · EPSS 0.0062
Exploits 0 · References 5
CNNVD
added 2023/03/26 12:00 a.m. · 14 views

redis-py Security Vulnerability

redis-py is a Python based redis interface library. A security vulnerability exists in redis-py versions prior to 4.5.4 and 4.5.x versions prior to 4.5.4. An attacker exploited the vulnerability to send response data to an unrelated requesting client...

CVSS 6.5 · AI score 6.3 · EPSS 0.01034
Exploits 0 · References 8
Github Security Blog
added 2023/03/23 9:30 p.m. · 1 views

Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j96m-mjp6-99xr. This link is maintained to preserve external references. Original Description A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentati...

CVSS 5.5 · AI score 6.4 · EPSS 0.00865
Exploits 1 · References 6 · Affected Software 1
OSV
added 2023/03/23 9:30 p.m. · 2 views

GHSA-GV85-XG33-553C Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j96m-mjp6-99xr. This link is maintained to preserve external references. Original Description A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentati...

CVSS 5.5 · AI score 5.7 · EPSS 0.00865
Exploits 1 · References 5
ATTACKERKB
added 2023/03/23 8:15 p.m. · 4 views

CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

CVSS 5.5 · AI score 5.9 · EPSS 0.00865
Exploits 1 · References 5
OSV
added 2023/03/23 8:15 p.m. · 4 views

DEBIAN-CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

CVSS 5.5 · AI score 6.4 · EPSS 0.00865
Exploits 1 · References 1
Positive Technologies
added 2023/03/23 12:00 a.m. · 7 views

PT-2023-2379

Name of the Vulnerable Software and Affected Versions ImageMagick affected versions not specified Description A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially craft...

CVSS 8.8 · AI score 7 · EPSS 0.89855
Exploits 42 · References 121
Code423n4
added 2023/03/19 12:00 a.m. · 41 views

Wrong Implementation of EIP-712

Lines of code Vulnerability details Impact The EIP-712 uses several parameters. Those parameters are exactly: EIP712Domain string name; string version; uint256 chainId; address verifyingContract; As you can see on the following Domain, ZkSync, is missing one parameter: bytes32 constant...

AI score 6.8
Exploits 0
OSV
added 2023/03/17 2:43 p.m. · 45 views

GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

CVSS 6 · AI score 6 · EPSS 0.00407
Exploits 0 · References 5
CNVD
added 2023/03/17 12:00 a.m. · 314 views

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2023-50822)

Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. Adobe Illustrator suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause arbitrary code execution...

CVSS 7.8 · AI score 7.5 · EPSS 0.00291
Exploits 0 · References 1
CNNVD
added 2023/03/15 12:00 a.m. · 2 views

Adobe Dimension Buffer Error Vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from the American company Adobe. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

CVSS 5.5 · AI score 6.6 · EPSS 0.00332
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 3 views

Adobe Dimension Buffer Error Vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from the American company Adobe. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

CVSS 5.5 · AI score 6.6 · EPSS 0.00332
Exploits 0 · References 3
Positive Technologies
added 2023/03/14 12:00 a.m. · 5 views

PT-2023-1831 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.0 and earlier Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...

CVSS 7.8 · AI score 7.7 · EPSS 0.00379
Exploits 0 · References 4
Positive Technologies
added 2023/03/14 12:00 a.m. · 3 views

PT-2023-1837 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.0 and earlier Description: The issue is a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, where a vict...

CVSS 7.8 · AI score 7.7 · EPSS 0.00412
Exploits 0 · References 5
The Hacker News
added 2023/03/13 2:59 p.m. · 57 views

Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target...

AI score 1.2
Exploits 0
RubySec
added 2023/03/13 12:00 a.m. · 23 views

Possible Denial of Service Vulnerability in Rack’s header parsing

There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1 Impact Carefully crafted input can cause header parsing in Ra...

CVSS 5.3 · AI score 4.5 · EPSS 0.01063
Exploits 0 · References 1 · Affected Software 1
RustSec
added 2023/03/12 12:00 p.m. · 13 views

const-cstr is Unmaintained

Last release was about five years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. No direct fork exists. const-cstr is...

AI score 0.5
Exploits 0