Astra Linux - уязвимость в chromium

The use of after-free in Profiles in Google Chrome before version 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Virtuoso Open-Source Edition 安全漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...

CVE-2024-42059

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

DEBIAN-CVE-2022-27383

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component mystrcasecmp8bit, which is exploited via specially crafted SQL statements...

CVE-2018-1000526

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26...