
378 matches found

CNNVD
added 2025/03/12 12:0 a.m. | 2 views

OneLogin ruby-saml security vulnerability

Onelogin OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from Onelogin, USA. A security vulnerability exists in ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from parser differences and could lead to authentication...

CVSS 9.8 | AI score 9.5 | EPSS 0.20843
Exploits 1 | References 8
OSV
added 2025/01/31 6:15 p.m. | 1 views

DEBIAN-CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS 6.3 | AI score 6.4 | EPSS 0.01639
Exploits 0 | References 1
Packet Storm
added 2025/01/12 12:0 a.m. | 157 views

CISA: Unattended vs. Suspicious Item Poster


AI score 7.4
Exploits 0
CNNVD
added 2024/12/12 12:0 a.m. | 1 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, and CI/CD (continuous integration and continuous delivery) features. A security vulnerability exists in GitLab, which stems from the ability of a group of...

CVSS 3.1 | AI score 6.3 | EPSS 0.00264
Exploits 1 | References 2
CNNVD
added 2024/11/20 12:0 a.m. | 0 views

eSoft Planner security vulnerability

eSoft Planner is a scheduling software for managing sports facilities from eSoft Planner, Inc. A security vulnerability exists in eSoft Planner version 3.24.08271-USA that stems from a discrepancy in the response of valid and invalid email accounts, which could allow an attacker to enumerate vali...

CVSS 5.3 | AI score 6.6 | EPSS 0.00143
Exploits 1 | References 1
RedHat Linux
added 2024/11/12 9:11 a.m. | 1 views

kernel: firmware: cs_dsp: Fix overflow checking of wmfw header

A vulnerability was found in the Linux kernel's firmware driver cs_dsp.c, where a buffer overflow is possible in the wmfw header due to insufficient buffer size checks. The issue stems from the size of one of the structs that the code checks, the wmfwadsp?sizes struct, which can vary depending on...

CVSS 7.8 | AI score 7.1 | EPSS 0.00015
Exploits 0 | References 5
CNVD
added 2024/11/05 12:0 a.m. | 10 views

Unspecified Vulnerability in IBM TXSeries for Multiplatforms

IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM) designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1, which...

CVSS 5.3 | AI score 6.6 | EPSS 0.0012
Exploits 0 | References 1
OSV
added 2024/10/21 8:6 p.m. | 22 views

CVE-2022-48994 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event. With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure...

CVSS 5.5 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 11
SUSE CVE
added 2024/10/15 3:8 a.m. | 1 views

SUSE CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browser...

CVSS 4.8 | AI score 8.2 | EPSS 0.01189
Exploits 1 | References 5
CNNVD
added 2024/09/08 12:0 a.m. | 3 views

Loway QueueMetrics security vulnerability

Loway QueueMetrics is a tool from Loway that allows you to automate the installation of a pre-configured QueueMetrics system on the most common Asterisk distributions. A security vulnerability exists in Loway QueueMetrics versions 17.06.1 through 22.02.11 that stems from the presence of observabl...

CVSS 7.5 | AI score 6.7 | EPSS 0.00163
Exploits 0 | References 2
CNNVD
added 2024/08/08 12:0 a.m. | 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab that stems from the web interface...

CVSS 7.5 | AI score 6.7 | EPSS 0.00063
Exploits 0 | References 4
OSV
added 2024/07/05 11:8 a.m. | 2 views

OESA-2024-1791 golang security update

Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip...

CVSS 5.5 | AI score 6.9 | EPSS 0.00007
Exploits 0 | References 2
Tenable Nessus
added 2024/06/07 12:0 a.m. | 28 views

OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.7b. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7b advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

CVSS 7.5 | AI score 8.2 | EPSS 0.28737
Exploits 0 | References 6
Tenable Nessus
added 2024/06/07 12:0 a.m. | 29 views

OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

CVSS 7.5 | AI score 8.2 | EPSS 0.28737
Exploits 0 | References 6
OSV
added 2024/06/05 4:15 p.m. | 2 views

AZL-79044 CVE-2024-24789 affecting package golang 1.25.7-1

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 5.5 | AI score 6.7 | EPSS 0.00007
Exploits 0 | References 1
SUSE CVE
added 2024/06/05 10:4 a.m. | 1 views

SUSE CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 6.2 | AI score 7.5 | EPSS 0.00007
Exploits 0 | References 14
Akamai Blog
added 2024/05/31 1:0 p.m. | 13 views

Edge Computing Versus Cloud Computing: Key Similarities and Differences

Explore the use cases, similarities, and differences of edge computing and cloud computing...

AI score 7.3
Exploits 0
Veracode
added 2024/05/22 6:0 a.m. | 8 views

Observable Discrepancy

neos/flow is vulnerable to Observable Discrepancy. The vulnerability is due to observable timing differences within the PersistedUsernamePasswordProvider. An attacker can determine whether an account exists based on the timing of the response, because the hash is only generated if an account was...

AI score 7
Exploits 0
Veracode
added 2024/04/25 3:52 p.m. | 30 views

Observable Discrepancy

Bouncy Castle is vulnerable to Observable Discrepancy. The vulnerability is due to improper handling of exceptions in RSA-based handshakes. An attacker can exploit the timing differences observed during these exceptions to reveal sensitive information...

CVSS 5.9 | AI score 6 | EPSS 0.00139
Exploits 0 | References 7 | Affected Software 10
Jake Archibald's Blog
added 2024/04/24 1:0 a.m. | 8 views

HTML attributes vs DOM properties

Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: … const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' console.log(div.foo); // undefined div.foo = 'hell...

AI score 6.5
Exploits 0