EUVD-2023-60352

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anyseemasterxfer In anyseemasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...

CVE-2023-54093

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anyseemasterxfer In anyseemasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...

CVE-2023-54093

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anyseemasterxfer In anyseemasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...

UBUNTU-CVE-2024-47882

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

Deserialization of untrusted data

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...

CVE-2023-26512 Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...

protobufjs Prototype Pollution vulnerability

protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...

CVE-2021-29975

CVE-2021-29975 affects Mozilla Firefox earlier than 90. Through DOM manipulations, an attacker could overlay a message (text only) on top of another domain while the address bar showed the new domain, potentially leading to user confusion or spoofing. The issue is tied to content spoofing in Fire...

cups-lpr -- lppasswd multiple vulnerabilities

D. J. Bernstein reports that Bartlomiej Sieka has discovered several security vulnerabilities in lppasswd, which is part of CUPS. In the following excerpt from Bernstein's email, CVE names have been added for each issue: First, lppasswd blithely ignores write errors in fputsline,outfile at lines...