CVE-2024-35423
CVE-2024-35423 affects vmir e8117, with a heap buffer overflow in wasm_parse_section_functions implemented in /src/vmir_wasm_parser.c. Impact described as high with LOCAL access and user interaction required. Some sources note a workaround: temporarily disable wasm_parse_section_functions until a...
CVE-2024-35422
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c...
CVE-2024-35425
vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c...
PT-2024-26494 · Vmir · Vmir
Name of the Vulnerable Software and Affected Versions: vmir e8117. Description: A segmentation violation issue was discovered in vmir via the function_prepare_parse function located at /src/vmir_function.c. Recommendations: For vmir e8117, as a temporary workaround, consider disabling the function...
SUSE CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
Medium: aws-cfn-bootstrap
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
CVE-2024-21535
A flaw was found in markdown-to-jsx. This vulnerability allows an attacker to execute arbitrary code via Cross-site Scripting (XSS) through the src property by injecting a malicious iframe element into the markdown. Mitigation: Mitigation for this issue is either not available or the currently...
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
DEBIAN-CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
VulnCheck KEV: CVE-2014-4663
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2024:3577-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3577-1 advisory. libreoffice was updated to version 24.8.1.2 jscPED-10362: - Release notes:...
SUSE-SU-2024:3577-1 Security update for libreoffice
This update for libreoffice fixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: - Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...
SUSE-SU-2024:3576-1 Security update for libreoffice
This update for libreoffice fixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: - Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...
CVE-2024-46304
A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c...
EulerOS 2.0 SP11 : vim (EulerOS-SA-2024-2570)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source command line text editor. double-free in dialog_changed in Vim v9.1.0648. When abandoning a buffer, Vim may ask the user what to...
Medium: python-pillow
Issue Overview: Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. (CVE-2020-10177) Affected Packages: python-pillow. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...