2678 matches found
[SECURITY] Fedora 34 Update: python-PyMuPDF-1.18.8-2.fc34
This is PyMuPDF, a Python binding for MuPDF - a lightweight PDF and XPS viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction book formats, and it is known for its top performance and high rendering quality. With PyMuPDF you therefore can also access files with extensions...
NATS Server Access Control Error Vulnerability
NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging and microservices architecture. An access control error vulnerability exists in NATS Server 2.x before 2.2.0 and JWT library before 2.0.1, which stems from improper handling of...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2021:0724-1)
This update for 389-ds fixes the following issues: 389-ds was updated to version 1.4.3.19 - CVE-2020-35518: Fixed an information disclosure during the binding of a DN bsc1181159. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
[SECURITY] Fedora 32 Update: python-PyMuPDF-1.18.8-2.fc32
This is PyMuPDF, a Python binding for MuPDF - a lightweight PDF and XPS viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction book formats, and it is known for its top performance and high rendering quality. With PyMuPDF you therefore can also access files with extensions...
XSS
Withdrawn: Duplicate of GHSA-vcjj-xf2r-mwvc. Knockout, before 3.5.0-beta, has an XSS injection point in attr name binding for browser IE7 and older...
Fedora 32 : prosody (2021-54d3af6388)
The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-54d3af6388 advisory. - Prosody 0.11.8 ============== This is a new minor release for the 0.11.x stable branch, it includes bug fixes and performance improvements! Upstream would...
Fedora 33 : prosody (2021-a639ec5d6e)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-a639ec5d6e advisory. - Prosody 0.11.8 ============== This is a new minor release for the 0.11.x stable branch, it includes bug fixes and performance improvements! Upstream would...
VOICEYE WSActiveBridgeES versions prior to buffer error vulnerability
VOICEYE WSActiveBridgeES is an APP program for VOICEYE. A person with a print defect can access print information using the VOICEYE code on the print material. A security vulnerability exists in VOICEYE WSActiveBridgeES versions prior to 2.1.0.3, which stems from an incorrect binding check...
Getting "Your account cannot be added using this server address" error when VPN Session policy is configured with CLASSIC EXPRESSION and bound under AAA User/Group
A user who tries to connect to the Citrix Gateway Vserver from Citrix Workspace gets the error "Your account cannot be added using this server address" when the VPN Session policy for Citrix Receiver is configured with CLASSIC EXPRESSION and bound under AAA User/Group as shown below. No issue occurs through W...
389-ds-base: information disclosure during the binding of a DN
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database...
[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
Query Binding Exploitation
illuminate/database is vulnerable to query binding exploitation. The vulnerability exists through the lack of control on the expected bindings in the Query Builder. This vulnerability is related to CVE-2021-21263. The fix addresses several edge cases...
Query Binding Exploitation
illuminate/database is vulnerable to query binding exploitation. The vulnerability exists through the lack of control on the expected bindings in the Query Builder...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
DEBIAN-CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
Design/Logic Flaw
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
CVE-2021-21263 Query Binding Exploitation in Laravel
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
CVE-2021-21263
Laravel and illuminate/database are affected by a query binding exploitation in which a normally non‑array field sent as an array can add an unexpected number of query bindings. Affected: Laravel frameworks prior to 6.20.11, 7.30.2, and 8.22.1 (and the illuminate/database package used by Laravel)...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...