11 matches found
CVE-2019-25550 Encrypt PDF 2.3 Denial of Service via Buffer Overflow
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...
WeKnora Code Issue Vulnerability
WeKnora is an open-source LLM-based framework developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Versions of WeKnora prior to 0.2.12 contained code vulnerabilities. These vulnerabilities stemmed from a server-sid...
Exposure of Sensitive Information Through Environmental Variables
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the substitution process in imported realm documents. An attacker can access sensitive environment variables by injecting malicious content into realm documents durin...
Vulnerability fixed in XWiki
The developers of XWiki have fixed a vulnerability in XWiki. The vulnerability is in the way documents are imported into articles. The document's permissions remain on the person importing the document, allowing anyone with permissions to the original document to perform actions with permissions...
Markdown Preview Enhanced OS Command Injection Vulnerability
Markdown Preview Enhanced is a super-powerful markdown extension by the individual developer Yiyi Wang. An operating system command injection vulnerability exists in Markdown Preview Enhanced version v0.6.5 and v0.19.6. An attacker can exploit this vulnerability to perform command injection via t...
[SECURITY] Fedora 25 Update: libwpd-0.10.2-1.fc25
libwpd is a library for import of WordPerfect documents...
SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)
LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update. The update fixes the following security issues : - 740453: Vulnerability in RDF handling. CVE-2012-0037 - 752595: overflow in jpeg handling. CVE-2012-1149 - 736146: buffer overflow in the build in icu copy 736146...
XSS vulnerability in the Office Connector
We have identified and fixed a cross-site scripting (XSS) vulnerability which may affect Confluence instances in a public environment. The XSS vulnerability is exposed in the document import function of the Confluence Office Connector. An attacker might take advantage of the vulnerability to steal...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
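Opera Web Browser 9.26 Fixes Multiple Security Vulnerabilities
BUGTRAQ ID: 27901 Opera is a popular web browser that supports multiple platforms. Versions of the Opera web browser prior to 9.26 contain multiple security vulnerabilities that may allow malicious users to perform cross-site scripting attacks, disclose sensitive information, or bypass certain security restrictions. 1 When a user types into a file input, a script can cause some keyboard actions to be ignored. If the script can trick the user into believing they are typing into a normal file input, without letting the user see that keyboard actions have been ignored, the input may end up pointing to a file path on the computer, and the file is then uploaded without user interaction. 2 Image properties may contain custom comments. When displaying image properties, Opera may treat these comments as script, causing the script to run in the wrong security context. 3...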