Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

PT-2025-53992

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists within the ksmbd module, specifically in the smb2 lock function. The issue occurs when the argv variable is not properly freed under certain conditions: when setup...

UBUNTU-CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

SUSE CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

Forta GoAnywhere Zero-Day Exploited By Threat Actors

On February 1st, 2023, Forta released an advisory behind an auth wall notifying their customers of a remote code execution zero-day exploit affecting their GoAnywhere Managed File Transfer MFT application. This was picked up by Brian Krebs, an investigative journalist who published this on his...

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

SUSE CVE-2005-3737

Buffer overflow in the SVG importer style.cpp of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values...

SUSE CVE-2006-3404

Buffer overflow in the xcfloadvector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via an XCF file with a large numaxes value in the VECTORS property...

SUSE CVE-2006-5706

Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass openbasedir restrictions and perform unspecified actions via unspecified vectors involving the 1 chdir and 2 tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494...

SUSE CVE-2006-6504

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption...

SUSE CVE-2007-0776

Heap-based buffer overflow in the cairopeninit function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file...

SUSE CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

SUSE CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

SUSE CVE-2008-2933

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...