6 matches found
EUVD-2021-30456
Malicious code in bioql PyPI...
CVE-2022-44571
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly...
CVE-2022-41923 Grails Spring Security Core plugin vulnerable to privilege escalation
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint i.e. the targeted endpoint using the authorization requirements of a different endpoint i.e. the donor endpoint. In some Grails framework applications, access to t...
MGASA-2021-0534 Updated nss packages fix security vulnerability
NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using NSS...
libpng fails to properly check length of transparency chunk (tRNS) data
Overview: The Portable Network Graphics library libpng contains a remotely exploitable vulnerability, which could lead to arbitrary code execution on an affected system. Description: The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics...
libpng contains integer overflows in progressive display image reading
Overview: The Portable Network Graphics library libpng contains several flaws in progressive image handling that could introduce a remotely exploitable vulnerability. Description: The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics...