11 matches found
Amazon Linux 2023 : cni-plugins (ALAS2023-2026-1723)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1723 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...
Important: docker
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
Important: amazon-ecr-credential-helper
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
Important: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...
EUVD-2018-11796
Malware in sbrugna...
EUVD-2019-1927
Malware in sbrugna...
EUVD-2022-33094
Malicious code in bioql PyPI...
CVE-2024-25448
An issue in the imlibfreeimageanddecache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...
ezXML Heap Buffer Overflow Vulnerability
ezXML is a C library for parsing XML documents . A heap buffer overflow vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmldecode function when parsing a specially crafted XML file. An attacker could exploit this...
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
A vulnerability exists in Ruby on Rails’ JavaScript Object Notation JSON code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL cod...