6 matches found
Markdown Preview Enhanced Security Vulnerability
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Version 0.8.x of Markdown Preview Enhanced contains security vulnerabilities, which stem from code injection in the WaveDrom rendering pipeline. This vulnerability allows attackers to execute arbitrary...
PT-2022-7087 · Unknown · Qubes-Mirage-Firewall
Name of the Vulnerable Software and Affected Versions: qubes-mirage-firewall versions 0.8.x through 0.8.3
Description: The issue is related to a denial of service caused by a crafted multicast UDP packet. This can lead to CPU consumption and loss of forwarding. The vulnerability can be exploited ...
GitLab 0.8.x < 14.2.6, 14.3.x < 14.3.4, 14.4.x < 14.4.1 Code Injection Vulnerability.
GitLab is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...
CVE-2011-3936
CVE-2011-3936 affects FFmpeg/libavcodec DV handling. The vulnerability exists in dv_extract_audio() for FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11 and Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, 0.8.x before 0.8.1. It allows remote attackers to trigger an out-of-bounds ...
Design/Logic Flaw
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack...
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...