CVE-2023-4579

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox 117...

CVE-2021-33656

When setting font with malicous data by ioctl cmd PIOFONT,kernel will write memory out of bounds...

Ruby on Rails: Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies

The rack cookie parser parses the cookie string using unescape. This allows a malicious attacker to set a second cookie with the name being percent encoded. Typically it would be expected that we cannot trust cookies and in most cases that's true. However in a couple of cases certain expectations...

FreeBSD : WebCalendar -- information disclosure vulnerability (09c92f3a-fd49-11da-995c-605724cdf281)

Secunia reports : socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Input passed to the 'includedir' parameter isn't properly verified, before it is used in an 'fopen' call...