PT-2021-7814 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill version 0.7 Description: A memory corruption issue exists in the XML-parsing CreateLabelOrAttrib functionality. This can be triggered by a specially crafted XML file, leading to a heap buffer overflow. An attacker can exploit this by...

Charm 加密问题漏洞

Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. A cryptographic issue vulnerability exists in Charm version 0.43. Using this vulnerability any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

PDF2JSON 缓冲区错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the XRef::fetch function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...

PT-2021-6688 · Libass +2 · Libsass +2

Name of the Vulnerable Software and Affected Versions: libass versions 0.15.x through 0.15.0 Description: The issue is related to the decode chars function of the libass subtitle renderer, which is used for ASS/SSA formats. It involves the use of an incorrect integer data type for subtraction,...

GNU LibreDWG 缓冲区错误漏洞

LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability via the bitcalcCRC ... /... /src/bits.c:2213 to exploit the vulnerability and cause a heap buffer overflow...

Prosodical Thoughts Prosody 竞争条件问题漏洞

Prosodical Thoughts Prosody is a Prosodical Thoughts open source application . A modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to obtain sensitive information...

ezXML 缓冲区错误漏洞

ezXML is a C library for parsing XML documents . A heap buffer overflow vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmldecode function when parsing a specially crafted XML file. An attacker could exploit this...

sec-certs (>=0.0.0 <=0.0.1) potentially affected by CVE-2021-29421 via pikepdf (=2.0.0)

pikepdf PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on pikepdf and may be impacted: - sec-certs =0.0.0, =0.0.1 Source cves: CVE-2021-29421 Source advisory: OSV:GHSA-CCGM-3XW4-H5P8...

ezXML out-of-bounds write vulnerability (CNVD-2021-30593)

ezXML is a C library for parsing XML documents . An out-of-bounds write vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmlparsestr function when parsing a specially crafted XML file. An attacker could exploit the...

Rust Security Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability existed in Rust prior to version 0.9.1. The vulnerability stemmed from a lack of soundness in the program DrainFilter due to two drops...

GHSA-4W2V-Q235-VP99 Axios vulnerable to Server-Side Request Forgery

Axios NPM package 0.21.0 contains a Server-Side Request Forgery SSRF vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...

JupyterHub Security Breach

JupyterHub is a multi-user server for Jupyter. A security vulnerability exists in jupyterhub-systemdspawner, which stems from a vulnerability in systemdspawner that allows JupyterHub to generate single-user laptop servers using systemd. Prior to version 0.15, user API tokens sent to the single-us...

Mhart Stringstream Buffer Error Vulnerability

Mhart Stringstream is a JS-based code library for converting Stream data streams directly to string type by Mhart individual developers. A buffer error vulnerability exists in the Node.js stringstream module prior to version 0.0.6, which stems from susceptibility to out-of-bounds reads, as an...

SQL Injection Vulnerability in Waychar Enrollment System VER 0.30 Article Query Function

Waychar Registration System is a free race registration system. A SQL injection vulnerability exists in the VER 0.30 article query function of the waychar registration system, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in waychar enrollment system VER 0.30

Waychar Registration System is a free race registration system. A SQL injection vulnerability exists in waychar registration system VER 0.30, which can be exploited by attackers to obtain sensitive information...

PT-2020-15489 · Jenkins · Jenkins Custom Job Icon Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Custom Job Icon Plugin versions 0.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the job descriptions in tooltips are not properly escaped. Attackers with...

UBUNTU-CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

GNU LibreDWG Null Pointer Dereference Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A resource management error vulnerability exists in GNU LibreDWG versions prior to 0.11. The vulnerability stems from mismanagement of system resources e.g., memory, disk space, files, etc. by a networked system or product. An...

CVE-2020-15100

In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1...

The vulnerability of the Videolabs libmicrodns 0.1.0 message parser allows a malicious actor to cause a service failure by exploiting a resource consumption issue in the VideoLAN VLC media player.

The vulnerability of the Videolabs libmicrodns 0.1.0 message parser, when used with the VideoLAN VLC media player, is related to an uncontrolled resource consumption during the analysis of mDNS messages. Exploiting this vulnerability could allow a malicious actor to cause service failures remotel...