GHSA-F46R-RW29-R322 React Router allows a DoS via cache poisoning by forcing SPA mode
Summary: After some research, it turns out that it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this...
SUSE CVE-2025-46393
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
DEBIAN-CVE-2025-46393
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to copying buffers without checking the size of the input data, allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to trigger a service failure.
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by processing or loading specially created web...
USN-7444-1 matrix-synapse vulnerabilities
It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2023-32683) It was discovered that Synapse exposed cached device information. An attacker could possibly use this issue t...
kitty security vulnerability
kitty is a Python-based GPU terminal emulation software by Kovid Goyal, an individual developer in India. The software provides basic terminal functionality and GPU-based rendering reduces system load, uses OpenGL for rendering, and can be supported on Linux and Mac. A security vulnerability exis...
Fedora 40 : webkitgtk (2025-256a86d7c8)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-256a86d7c8 advisory. Limit the data stored in session state. Remove the empty area below the title bar in Web Inspector when not docked. Fix various crashes and renderin...
The vulnerability of the dmub_dcn35_get_current_time() function in the Direct Rendering Infrastructure (DRI) driver for AMD kernel-based Linux operating systems allows a malicious actor to cause a system failure.
The vulnerability of the dmub_dcn35_get_current_time() function in the Direct Rendering Infrastructure (DRI) driver for AMD kernel-based Linux operating systems is related to the reuse of previously freed memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the xe_drm_client_add_bo() function in the DRI driver of the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the xe_drm_client_add_bo() function in the DRI driver of the Linux operating system’s kernel is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the show_meminfo() function in the Linux kernel’s Direct Rendering Infrastructure (DRI) support driver allows a malicious actor to cause a service failure.
The vulnerability of the show_meminfo() function in the Linux kernel’s Direct Rendering Infrastructure (DRI) support driver is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...
[SECURITY] Fedora 41 Update: php-tcpdf-6.9.1-1.fc41
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to data type conversion errors, allows attackers to influence the confidentiality, integrity, and availability of protected information.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to data type conversion errors. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules, related to the occurrence of operations outside the buffer in memory, allows attackers to cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules, related to resource release errors, allows attackers to trigger a service failure.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to errors during resource release. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
CVE-2025-22373
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021...
Vulnerability of the meson_probe_remote() function in the drivers/gpu/drm/meson/meson_drv.c module – This driver provides support for the Direct Rendering Infrastructure (DRI) of the Linux operating system, allowing an attacker to cause a service failure.
Vulnerability of the meson_probe_remote() function in the drivers/gpu/drm/meson/meson_drv.c module – The driver for supporting Direct Rendering Infrastructure (DRI) in Linux kernels is vulnerable due to a NULL pointer dereferencing issue. Exploiting this vulnerability could allow an attacker to cause a...
Vulnerability of the radeon_fp_native_mode() function in the drivers/gpu/drm/radeon/radeon_connectors.c file – This driver provides support for Direct Rendering Infrastructure (DRI) in Linux graphics cards from the Radeon series. This vulnerability allows attackers to cause system failures.
Vulnerability of the radeon_fp_native_mode() function in the drivers/gpu/drm/radeon/radeon_connectors.c file – The driver that supports Direct Rendering Infrastructure (DRI) for Linux graphics cards related to the Radeon GPU is vulnerable due to a NULL pointer dereferencing issue. Exploiting this...
Vulnerability of the set_wm_ranges() function in the drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c file – This function is part of the driver support for Direct Rendering Infrastructure (DRI) of AMD graphics cards in Linux operating systems. It can be exploited by attackers to cause service failures.
Vulnerability of the set_wm_ranges() function in the drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c file – The drivers for AMD graphics cards that support Direct Rendering Infrastructure (DRI) in Linux operating systems are vulnerable due to improper control of resource identifiers “resource...
The vulnerability of DRM/Vboxvideo components in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the DRM/Vboxvideo components in the Linux operating system is related to an operation that goes beyond the buffer boundaries in memory, within the function hgsmi_update_pointer_shape(). Exploiting this vulnerability can allow a hacker to cause a service failure...