29 matches found
EUVD-2013-3429
Malware in sbrugna...
[SECURITY] Fedora 41 Update: php-tcpdf-6.9.1-1.fc41
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
GHSA-GM45-Q3V2-6CF8 Fast-JWT Improperly Validates iss Claims
Summary: The fast-jwt library does not properly validate the iss claim based on the RFC https://datatracker.ietf.org/doc/html/rfc7519#page-9. Details: The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a potential...
GHSA-VCC3-RW6F-JV97 Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xc9x-jj77-9p9j. This link is maintained to preserve external references. Original Description Summary Nokogiri upgrades its dependency libxml2 as follows: - v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6 - v1.16...
BIT-SOLR-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2023-50292
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
DEBIAN-CVE-2023-50292
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
UBUNTU-CVE-2023-50292
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
The onlyProfileOwnerOrDelegatedExecutor and whenNotPaused checks can be bypassed
Lines of code Vulnerability details Impact The LensHub.sol functions setProfileMetadataURI, setProfileMetadataURIWithSig, setFollowModule, setFollowModuleWithSig, collect, collectWithSig, act, actWithSig, setProfileImageURI, setProfileImageURIWithSig and others use...
SUSE-FU-2022:0039-1 Feature update for zxing-cpp libreoffice
This feature update for zxing-cpp and libreoffice fixes the following issues: Update LibreOffice from version 7.1.3.2 to 7.2.3.2 jsc#SLE-18213: - Fix external URL connections issues when WebDav is built using libserf. bsc#1187173, bsc#1186871 - Fix an issue with PPTX where one column becomes two...
BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files
Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains has been completely added. Don't forget to change the settings you need. Usage You need to download 2 external libraries: pdfbox poi-ooxml To install the...
CVE-2013-3494
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code...
PT-2019-15747 · Abb · Abb Pb610 Panel Builder 600
Name of the Vulnerable Software and Affected Versions: ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier Description: The issue concerns the HMIStudio component of ABB PB610 Panel Builder 600, where path settings accept DLLs from outside the program directory. This could potentially allo...
LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly
LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...
Managing Security in a DevOps Environment
DevOps is a software development practice in which development and operations engineers collaborate during the entire product lifecycle. With the adoption of DevOps at mainstream levels, we now see security starting to take a bigger role in DevOps’ day-to-day responsibilities. From a security...
Apple MAC OS X Code Signing Check Bypass Vulnerability
Apple Mac OS X is a commercial operating system. Apple Mac OS X code signing fails to verify libraries loaded outside of the application bundle, allowing attackers to exploit vulnerabilities to run malicious applications and bypass code signing...
Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
This host is missing an important security update according to Microsoft Bulletin MS11-099. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
MS11-075: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
The remote Windows host contains a version of the Microsoft Active Accessibility component that fails to properly restrict the path used for loading external libraries. If an attacker can trick a user into opening a file that resides in the same directory as a specially crafted DLL file, he can...