6 matches found
Axios Systems Assyst 安全漏洞
Axios Systems Assyst is an off-the-shelf application from Axios Systems, UK, for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst has a security vulnerability that stems from a specially crafted dict ke...
SUSE-SU-2024:2173-1 Security update for qpdf
This update for qpdf fixes the following issues: - CVE-2018-9918: Fixed mishandled 'expected dictionary key but found non-name object' cases that could have allowed attackers to cause a denial of service. bsc1089090...
USN-6629-2 ujson vulnerability
USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash...
libxml2: Hashing of empty dict strings isn't deterministic
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...
i18next cross-site scripting vulnerability (CNVD-2018-14353)
i18next is a translation loading framework written in JavaScript. A cross-site scripting vulnerability exists in i18next 1.10.2 and earlier versions. A remote attacker can exploit this vulnerability by injecting script into the browser with the help of dictionary key names...
CVE-2018-9918
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service stack exhaustion, related to the QPDFObjectHandle and QPDFDictionary classes, because nesting in direct objects is not restricted...