CVE-2023-46345
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c...
Null pointer dereference
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c...
Important: python3
Issue Overview: A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: spark-operator, prometheus-blackbox-exporter, cortex, up, kubevela, ipfs, kubeflow, falco, buildkitd, scorecard, src, terraform-provider-sendgrid, slsa-verifier, dgraph, k3d, kubescape, aactl...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: volume-modifier-for-k8s-fips, src, terraform-provider-sendgrid-fips, vault-csi-provider, buildkitd, conftest-fips, spark-operator, ipfs, k3d, kube-oidc-proxy, scorecard, falco, aactl, cluster-autoscaler-fips, slsa-verifier, bank-vaults-fips, aws-efs-csi-driver-fips,...
CVE-2023-46345
Catdoc v0.95 is affected by a NULL pointer dereference in the xls2csv component (src/xlsparse.c). The issue can impact availability (per CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) but does not affect confidentiality or integrity per the same entry. There is no publicly documented fix or patched v...
CVE-2023-46009
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c...
CVE-2023-46009
CVE-2023-46009 affects gifsicle, where the vulnerability is a floating point exception in the resize_stream path (src/xform.c) of gifsicle-1.94. Multiple connected sources (Mageia openSUSE openSUSE-SU-2024:0146-1, Fedora advisories, and openVAS/Nessus plugins) confirm the issue and the update to ...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: bom, terraform, dynamic-localpv-provisioner, metrics-server, nri-prometheus, k8sgpt-operator, flux-source-controller, spark-operator, prometheus-elasticsearch-exporter, prometheus-mongodb-exporter-fips, falcoctl, wavefront-collector-for-kubernetes, external-dns-fips,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, git-lfs, coredns, kaf, ip-masq-agent, kubewatch, helm, metacontroller, src, terraform-provider-sendgrid, kpt, metrics-server, mc, cortex, dynamic-localpv-provisioner, flux-kustomize-controller, pulumi-language-dotnet, terraform-provider-aws,...
PT-2023-7588 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version US AC10V4.0si V16.03.10.13 cn Description: The issue is related to a stack overflow in the sub 47D878 function when handling the src parameter, potentially allowing a remote attacker to execute arbitrary code or cause a...
Malicious code in component---src-pages-corporate-delegate-packages-js (npm)
Source: ghsa-malware 94743768fa45d297822cb222b29ce23ca1ef1e8fbbc617de5e13df7b8fc60700 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-5266
CVE-2023-5266 describes a critical SQL injection in DedeBIZ 6.2, affecting an unknown part of the file /src/admin/tags_main.php. The vulnerability arises from manipulation of the ids argument, enabling remote exploitation. Multiple sources confirm the issue and note that the exploit has been publ...
CVE-2023-5257 WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal
A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the...
Important: libssh2
Issue Overview: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CVE-2020-22218 Affected Packages: libssh2 Issue Correction: Run yum update libssh2 or yum update --advisory ALAS-2023-1834 to update your system. New Packages:...
Use After Free
libgpac.so is vulnerable to Use After Free. The vulnerability is due to a lack of memory location validation in ctx-reftkw within the ctx-tracks array in the mp4muxconfigurepid function of src/filters/muxisom.c...
DEBIAN-CVE-2023-41633
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c...
CVE-2023-41633
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c...