6 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the file upload process. An attacker can execute arbitrary JavaScript code in the context of another user's browser by uploading a specially crafted SVG file containing malicious scripts. When a victim access...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation due to insufficient validation in the MsgCommitPubRandList handler, combined with a lack of domain separation in signed messages. An attacker can store an invalid PubRand commitment by crafting the message parameters ...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation due to insufficient validation in the MsgCommitPubRandList handler, combined with a lack of domain separation in signed messages. An attacker can store an invalid PubRand commitment by crafting the message parameters ...
CVE-2024-20355
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...
Multithreaded WASM Triggered Assertions
Firefox has multithreaded WASM-triggered assertions validating separation of script domains...
Sun M-class hardware denial of service
Sun/Fujitsu M4000-M9000 machines are very expensive multi-CPU SPARC64 architecture machines, scaling all the way up to 64 processors, 256 cores, and 512 threads. They use the Fujitsu SPARC64 VI and, more recently, VII processors. The smallest models are large 6U 84kg, and the larger models are fridg...