GHSA-HXJF-H2MH-R6HJ Use After Free in libpulse-binding

Affected versions contained a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference...

Use After Free in libpulse-binding

Affected versions contained a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference...

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

Huawei HarmonyOS Heap Buffer Overflow Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. Huawei HarmonyOS is vulnerable to a heap buffer overflow vulnerability, which originates when a component of the product fails to properly determine memory boundaries. An attacker could exploit the vulnerability to rewrite th...

Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

The vulnerability of the Adobe Experience Manager content and media data management system lies in the improper limitation of XML links to external objects, which allows attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

[SECURITY] [DLA 2857-1] postgis security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2857-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk December 28, 2021 https://wiki.debian.org/LTS -...

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

Ajax.NET Professional 代码问题漏洞

Ajax.NET Professional is one of the first AJAX frameworks available for Microsoft ASP.NET. Ajax.NET Professional suffers from a cross-site scripting vulnerability that stems from the software's lack of filtering and escaping of user-submitted JavaScript objects, which makes it susceptible to...

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description pimcore is vulnerable to Stored Cross-Site Scripting in the name field via the import functionality. Steps to reproduce: 1. Navigate to settings -- Data Objects -- Objectbricks 2. ave the following data as JSON file and import it: json "classDefinitions": , "key": null, "parentClass":...

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

GHSA-6W7G-P4JH-RF92 "Verify All" Returns Success Despite Validation Failures in Singularity

Impact The --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. The SIF objects that are not verified are reported in WARNING log messages, but a Container Verified message and exit code of 0 are returned. Workflo...

The vulnerability of the PDF editing software Foxit PhantomPDF and the text viewing software Foxit Reader for Windows operating systems arises from allowing operations beyond the buffer boundaries in memory, enabling attackers to execute arbitrary code.

The vulnerability of the Foxit PhantomPDF PDF editing program and the Foxit Reader text viewing program for Windows operating systems is related to the execution of operations outside the buffer in memory when processing annotation objects. Exploiting this vulnerability allows a malicious actor t...

The vulnerability of the PDF editing software Foxit PhantomPDF and the text viewing software Foxit Reader for Windows operating systems arises from allowing operations beyond the buffer boundaries in memory, enabling attackers to execute arbitrary code.

The vulnerability of the Foxit PhantomPDF PDF editing program and the Foxit Reader text viewing program for Windows operating systems is related to the execution of operations outside the buffer in memory when processing annotation objects. Exploiting this vulnerability allows a malicious actor t...

The vulnerability of the PDF editing software Foxit PhantomPDF and the text viewing software Foxit Reader for Windows operating systems arises from allowing operations beyond the buffer boundaries in memory, enabling attackers to execute arbitrary code.

The vulnerability of the Foxit PhantomPDF PDF editing program and the Foxit Reader text viewing program for Windows operating systems relates to the execution of operations beyond the buffer in memory when processing annotation objects. Exploiting this vulnerability allows a malicious actor to...

DEBIAN-CVE-2021-41500

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

Design/Logic Flaw

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

PYSEC-2021-870

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

CVE-2021-41500

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

UBUNTU-CVE-2021-41500

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...