Lucene search

4 matches found

Snyk
added 2025/11/10 9:4 p.m., 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the validation process, which uses an XML Validator that is not configured securely. An attacker can access sensitive information from internal files or external resources by submitting specially crafted XM...

8.7 CVSS, 7.2 AI score, 0.00058 EPSS
Exploits 0, References 2
Github Security Blog
added 2025/08/26 3:27 p.m., 4 views

ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash

Summary: Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. Details: Root Cause: 1. montage -geometry ":"...

7.5 CVSS, 6.2 AI score, 0.00392 EPSS
Exploits 1, References 8, Affected Software 18
OSV
added 2024/09/18 7:12 a.m., 17 views

CVE-2024-46745 Input: uinput - reject requests with unreasonable number of slots

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots. When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...

5.5 CVSS, 6.2 AI score, 0.00012 EPSS
Exploits 0, References 13
NVD
added 2016/11/17 5:59 a.m., 15 views

CVE-2016-9372

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects...

5.9 CVSS, 5.8 AI score, 0.00382 EPSS
Exploits 0, References 5