Lucene search
327 matches found

Oracle linux
added 2024/01/22 12:0 a.m., 46 views

openssl security update

1:3.0.7-25.0.1
- Replace upstream references Orabug: 34340177

1:3.0.7-25
- Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295
- Provide empty evpproperties section in main OpenSSL configuration fi...

CVSS 7.5, AI score 6.8, EPSS 0.06469
Exploits: 0
SUSE CVE
added 2023/12/15 2:6 a.m., 2 views

SUSE CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

CVSS 5.3, AI score 7, EPSS 0.00952
Exploits: 0, References: 4
OSV
added 2023/12/13 2:15 p.m., 0 views

DEBIAN-CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

CVSS 7.5, AI score 7.3, EPSS 0.00952
Exploits: 0, References: 1
Code423n4
added 2023/12/08 12:0 a.m., 12 views

Missing onlyOwner Modifier Will Give Access To Any Malicious User To Change UnwrapFee Immediately

Lines of code Vulnerability details Impact Any address can call the function changeUnwrapFee and modify or influence the unwrap fee, compromising the intended governance structure and allowing malicious users or entities to favourably adjust fees to their advantage for token unwrapping. Proof of...

AI score 7.1
Exploits: 0
Positive Technologies
added 2023/11/09 12:0 a.m., 1 views

PT-2023-28286 · Eclipse +2 · Eclipse Ide +2

Name of the Vulnerable Software and Affected Versions: Eclipse IDE versions prior to 2023-09 4.29 Description: The issue concerns the parsing of XML content in certain files, making them vulnerable to XXE attacks. This can occur when a user opens a malicious project or updates an open project wit...

CVSS 5, AI score 6.9, EPSS 0.00026
Exploits: 1, References: 33
Amazon
added 2023/10/26 12:0 a.m., 67 views

Important: python3

Issue Overview: A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The...

CVSS 9.8, AI score 8.2, EPSS 0.07274
Exploits: 6
Packet Storm
added 2023/08/15 12:0 a.m., 336 views

E-Fun CMS 5.0 XML Injection

Title: E-Fun CMS V5.0 XML external entity injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

AI score 7.1
Exploits: 0
SUSE CVE
added 2023/05/19 2:4 a.m., 2 views

SUSE CVE-2023-2789

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function funcbody/parsevariabledeclaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...

CVSS 7.5, AI score 4.3, EPSS 0.00211
Exploits: 1, References: 3
OSV
added 2023/05/18 1:15 p.m., 1 views

DEBIAN-CVE-2023-2789

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function funcbody/parsevariabledeclaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...

CVSS 7.5, AI score 4.2, EPSS 0.00211
Exploits: 1, References: 1
Prion
added 2023/05/18 1:15 p.m., 18 views

Design/Logic Flaw

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function funcbody/parsevariabledeclaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...

CVSS 2.7, AI score 7.4, EPSS 0.00211
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2023/05/18 12:31 p.m., 20 views

CVE-2023-2789 GNU cflow parser.c parse_variable_declaration denial of service

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function funcbody/parsevariabledeclaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...

CVSS 3.5, AI score 7.7, EPSS 0.00211
Exploits: 1, References: 4
Positive Technologies
added 2023/05/18 12:0 a.m., 3 views

PT-2023-21396 · Gnu +1 · Gnu Cflow +1

Name of the Vulnerable Software and Affected Versions: GNU cflow version 1.7 Description: A problematic issue has been found that affects the function func body/parse variable declaration of the file parser.c, leading to denial of service. The exploit has been disclosed to the public and may be...

CVSS 7.5, AI score 4.3, EPSS 0.00211
Exploits: 1, References: 14
CNNVD
added 2023/05/18 12:0 a.m., 2 views

GNU cflow security vulnerability

GNU cflow is a flowchart generator from the US GNU community that reads C source files and generates externally referenced flowcharts. A security vulnerability exists in GNU cflow version 1.7, which stems from a problem with the function funcbody/parsevariabledeclaration in parser.c, resulting in...

CVSS 7.5, AI score 5.4, EPSS 0.00211
Exploits: 1, References: 5
Positive Technologies
added 2023/03/28 12:0 a.m., 1 views

PT-2023-35738 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a global buffer overflow read. The crash state involves functions such as xmlStrndup, htmlParseSystemLiteral, a...

AI score 7.4
Exploits: 0, References: 2
OpenVAS
added 2023/03/08 12:0 a.m., 26 views

Debian: Security Advisory (DLA-355-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4, AI score 9.4, EPSS 0.00843
Exploits: 1, References: 2
F5 Networks
added 2023/02/21 6:52 p.m., 36 views

K74327432: F5 Container Ingress Services vulnerability CVE-2019-6648

Security Advisory Description: If DEBUG logging is enabled, F5 Container Ingress Services (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP system secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

CVSS 4.4, AI score 4.7, EPSS 0.00109
Exploits: 0, Affected Software: 1
SUSE CVE
added 2023/02/15 6:10 a.m., 1 views

SUSE CVE-2007-5795

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a...

CVSS 6.3, AI score 7, EPSS 0.01213
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 6:9 a.m., 2 views

SUSE CVE-2008-1188

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issu...

CVSS 9.3, AI score 8.2, EPSS 0.31494
Exploits: 0, References: 7
SUSE CVE
added 2023/02/15 5:12 a.m., 4 views

SUSE CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

CVSS 5, AI score 9.3, EPSS 0.00486
Exploits: 1, References: 10
SUSE CVE
added 2023/02/15 5:2 a.m., 3 views

SUSE CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName...

CVSS 7.5, AI score 6.8, EPSS 0.02658
Exploits: 1, References: 9