Astra Linux - уязвимость в golang-1.15

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

EUVD-2023-53421

Malicious code in bioql PyPI...

Authentication Bypass

firebase/php-jwt is vulnerable to Authentication Bypass. The vulnerability is due to missing algorithm checks when calling the decode method allowing attackers bypass verification when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512 when there is no algorithm specified within the...

Ivanti Avalanche decode XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decode method. Due to the improper restriction of XML External Entity XXE...

CVE-2018-19530

HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...