17 matches found
Astra Linux – Vulnerability in Golang-github-appc-cni
A flaw in path name limitations was identified in containernetworking/cni in versions prior to 0.8.1. When specifying the plugin to be loaded in the ‘type’ field of the network configuration, it is possible to use special elements such as “/” separators to reference binaries located elsewhere on...
Bare Metal Operator security vulnerability
Bare Metal Operator is a Metal3 open source application that uses the Kubernetes API to manage bare metal hosts. A security vulnerability exists in Bare Metal Operator versions prior to 0.8.1 and 0.9.1 that stems from improper access control and could lead to secret disclosure...
PT-2024-40917 · Sqlx · Sqlx
Name of the Vulnerable Software and Affected Versions: sqlx versions prior to 0.8.1 Description: The issue concerns a potential SQL injection vulnerability due to an overflow in the protocol level when encoding values larger than 4GiB. This can cause the server to interpret the rest of the string...
DEBIAN-CVE-2024-42458
server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...
UBUNTU-CVE-2024-42458
server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...
PT-2024-24085 · Docsgpt · Docsgpt
Name of the Vulnerable Software and Affected Versions: DocsGPT versions prior to 0.8.1 Description: The issue is related to an unauthenticated limited file write in routes.py. This allows for unauthorized access to write files, potentially leading to further exploitation. The estimated number of...
libjxl buffer error vulnerability
libjxl is a reference implementation of the JPEG XL encoder and decoder. A security vulnerability exists in libjxl versions prior to 0.8.1, which stems from the presence of an out-of-bounds read, and can be exploited by an attacker to cause an out-of-bounds read using a specially crafted file...
PT-2022-24956 · Alibaba · Aliyun-Oss-Client
Name of the Vulnerable Software and Affected Versions: aliyun-oss-client versions prior to 0.8.1 Description: The aliyun-oss-client unintentionally divulges the authentication secret. Users of this library will be affected, as the incoming secret will be disclosed unintentionally. Recommendations...
PT-2019-14542 · Gophish · Gophish
Name of the Vulnerable Software and Affected Versions: Gophish versions prior to 0.8.1 Description: The issue allows for XSS via a username. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited...
mistune Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...
xkbcommon infinite recursion vulnerability
xkbcommon is a keyboard key mapping compiler and support library. An infinite recursion vulnerability exists in versions of xkbcommon prior to 0.8.1, which can be exploited by a local attacker to crash an xkbcommon user by submitting a specially crafted keymap file...
xkbcommon infinite loop vulnerability
xkbcommon is a keyboard key mapping compiler and support library. An infinite loop vulnerability exists in the compose/parser.c file in versions of xkbcommon prior to 0.8.1, which can be exploited by a local attacker to cause a denial of service with the help of a specially crafted keymap file...
xkbcommon null pointer dereference vulnerability (CNVD-2019-02661)
xkbcommon is a keyboard key mapping compiler and support library. A null pointer dereference vulnerability exists in versions of xkbcommon prior to 0.8.1, which stems from a program that incorrectly handles the xkbFile in the xkbgeometry section, and which can be exploited by a local attacker to...
PT-2018-13246 · Xkbcommon +4 · Xkbcommon +4
Name of the Vulnerable Software and Affected Versions: xkbcommon versions prior to 0.8.1 Description: The issue is related to an infinite loop that occurs when the End Of Line (EOL) is reached unexpectedly in the keymap parser, located in compose/parser.c. This could be exploited by local attackers...
PT-2018-13244 · Xkbcommon +4 · Xkbcommon +4
Name of the Vulnerable Software and Affected Versions: xkbcommon versions prior to 0.8.1 Description: The issue allows local attackers to crash the xkbcommon parser by supplying a crafted keymap file, due to unchecked NULL pointer usage. This occurs because geometry tokens were desupported...
CVE-2017-16876
Cross-site scripting (XSS) vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...
PT-2017-14611 · Mistune · Mistune
Name of the Vulnerable Software and Affected Versions: Mistune versions prior to 0.8.1 Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability in the keyify function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML by exploiting the failure to...