CVE-2023-50251 php-svg-lib possible DoS caused by infinite recursion when parsing SVG document
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...
CVE-2023-50251
The CVE-2023-50251 issue affects php-svg-lib (prior to v0.5.1), a PHP library for parsing/rendering SVGs. Root cause: parsing the attributes of a use tag can trigger recursive references when an id/link points to the same object, creating an infinite recursion; memory exhaustion can follow, poten...
php-svg-lib security vulnerability
php-svg-lib is an open source SVG file parsing/rendering library from dompdf. A security vulnerability exists in versions of php-svg-lib prior to 0.5.1, which stems from the fact that parsing attributes passed to the use tag within an svg document may cause the system to enter infinite recursion,...
CVE-2023-6654
PHPEMS is vulnerable to a deserialization flaw in lib/session.cls.php (the Session Data Handler) across PHPEMS 6.x–9.0. Manipulating the serialized data allows remote abuse; an exploit has been disclosed publicly (VDB-247357). Several sources corroborate this: the CVE-2023-6654 entry notes remote attack and public explo...
PHPEMS code problem vulnerability
PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...
Malicious code in cronos-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28e64c01e4b9cd54a06e2eca183963b81038522ef15da56fc116a385458c783d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8672 Malicious code in cronos-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28e64c01e4b9cd54a06e2eca183963b81038522ef15da56fc116a385458c783d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were...
Cookie leakage between different users in fastapi-proxy-lib
Impact: In the implementation of version 0.0.1, requests from different user clients are processed using a shared httpx.AsyncClient. However, one oversight is that the httpx.AsyncClient will persistently store cookies based on the set-cookie response header sent by the target server and share thes...
PT-2023-32993 · Unknown · Fastapi-Proxy-Lib
Name of the Vulnerable Software and Affected Versions: fastapi-proxy-lib version 0.0.1 Description: The issue arises from the shared use of httpx.AsyncClient across different user clients, leading to the persistent storage of cookies based on the set-cookie response header. This results in a cook...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.20 and earlier versions,...
Malicious code in xpub-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc3e9ded369fe8fed74a7f23ab0c33cbbda2a1e16aab8c2283faba59903c49d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8533 Malicious code in xpub-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc3e9ded369fe8fed74a7f23ab0c33cbbda2a1e16aab8c2283faba59903c49d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2023-5902
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5903
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5900
Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5901
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16...