253 matches found

Amazon
added 2023/10/03 12:0 a.m. · 2 views

Medium: poppler

Issue Overview: A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file (CVE-2022-27337). A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) crash via a...

6.5 CVSS · 6.8 AI score · 0.0145 EPSS
Exploits: 2

OSV
added 2023/08/14 10:15 p.m. · 2 views

CVE-2023-21283

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.5 CVSS · 6 AI score · 0.00109 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2023/08/03 12:0 a.m. · 30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2023:3168-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3168-1 advisory. - A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of...

6.5 CVSS · 7.4 AI score · 0.0145 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2023/08/03 12:0 a.m. · 34 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : poppler vulnerabilities (USN-6273-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6273-1 advisory. Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue t...

6.5 CVSS · 7.3 AI score · 0.0145 EPSS
Exploits: 2 · References: 3

OSV
added 2023/07/19 10:15 p.m. · 3 views

CVE-2023-32657

Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...

7.5 CVSS · 5.8 AI score · 0.00434 EPSS
Exploits: 0 · References: 1

CVE
added 2023/07/19 9:47 p.m. · 46 views

CVE-2023-32657

CVE-2023-32657 affects Weintek Weincloud v0.13.6 (Account API) and prior, described as Improper Restriction of Excessive Authentication Attempts. The provided documents state an attacker could efficiently develop brute-force attacks on credentials by exploiting authentication hints in error messa...

7.5 CVSS · 6.5 AI score · 0.00434 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Fedora
added 2023/05/26 1:52 a.m. · 36 views

[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python...

7.4 AI score
Exploits: 0

OSV
added 2023/04/11 3:15 a.m. · 2 views

CVE-2023-29109

The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...

4.6 CVSS · 6.1 AI score · 0.00324 EPSS
Exploits: 0 · References: 2

OSV
added 2023/03/24 11:5 a.m. · 2 views

OESA-2023-1183 poppler security update

is a PDF rendering library. Security Fixes: A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)...

6.5 CVSS · 6.8 AI score · 0.0145 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2023/03/10 4:2 a.m. · 4 views

SUSE CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 6.8 AI score · 0.01026 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2023/03/07 8:9 p.m. · 28 views

Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL...

6.5 CVSS · 6.1 AI score · 0.01026 EPSS
Exploits: 1 · References: 8 · Affected Software: 1

NVD
added 2023/03/06 7:15 p.m. · 19 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 6.8 AI score · 0.01026 EPSS
Exploits: 1 · References: 5

UbuntuCve
added 2023/03/06 7:15 p.m. · 20 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 6.7 AI score · 0.01026 EPSS
Exploits: 1 · References: 5

Prion
added 2023/03/06 7:15 p.m. · 14 views

Race condition

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

4.3 CVSS · 6.5 AI score · 0.01026 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2023/03/06 7:15 p.m. · 0 views

UBUNTU-CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 7 AI score · 0.01026 EPSS
Exploits: 1 · References: 6

OSV
added 2023/03/06 6:5 p.m. · 23 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 6.3 AI score · 0.01026 EPSS
Exploits: 1 · References: 7

Cvelist
added 2023/03/06 6:5 p.m. · 25 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 7.5 AI score · 0.01026 EPSS
Exploits: 1 · References: 5

AlpineLinux
added 2023/03/06 6:5 p.m. · 56 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 7.4 AI score · 0.01026 EPSS
Exploits: 1

Positive Technologies
added 2023/03/06 12:0 a.m. · 3 views

PT-2023-20454 · Buildctl +2

Name of the Vulnerable Software and Affected Versions: BuildKit versions v0.11.0 through v0.11.3 Description: The issue arises when a build request contains a Git URL with credentials and creates a provenance attestation describing the build. These credentials could be visible from the provenance...

6.5 CVSS · 6.2 AI score · 0.01026 EPSS
Exploits: 1 · References: 26

SUSE CVE
added 2023/02/15 5:45 a.m. · 3 views

SUSE CVE-2012-3371

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the...

3.5 CVSS · 6.3 AI score · 0.01846 EPSS
Exploits: 1 · References: 3