1230 matches found

Prion
added 2021/02/08 5:15 p.m. · 16 views

Command injection

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...

CVSS 7.5 · AI score 9.7 · EPSS 0.12886
Exploits 1 · References 3 · Affected Software 1
EUVD
added 2021/02/08 4:16 p.m. · 2 views

EUVD-2021-0771

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...

CVSS 9.8 · AI score 9.7 · EPSS 0.12886
Exploits 1 · References 6
Debian CVE
added 2021/02/08 4:16 p.m. · 17 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

CVSS 5.3 · AI score 5.2 · EPSS 0.00288
Exploits 1
CNNVD
added 2021/02/08 12:00 a.m. · 3 views

Ron-checkmarx gitlog command injection vulnerability

Ron-checkmarx gitlog is a parser from the US-based Ron-checkmarx organization. It provides a Git log parser for Node.JS. A command injection vulnerability exists in gitlog version 4.0.4, which stems from the gitlog function in src/index not properly filtering special elements within it. An attack...

CVSS 9.8 · AI score 7.4 · EPSS 0.12886
Exploits 1 · References 4
OSV
added 2021/02/02 5:58 p.m. · 36 views

GHSA-VV2X-VRPJ-QQPQ Cross-site scripting in Bleach

Impact: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default...

CVSS 6.9 · AI score 6.3 · EPSS 0.00494
Exploits 1 · References 11
OSV
added 2021/01/06 4:15 p.m. · 13 views

CVE-2020-36177

RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 5
CNVD
added 2020/12/15 12:00 a.m. · 2 views

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2021-00091)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the DataFormatVecPermute API not validating the src_format and dst_format attributes. An attacker could exploit the...

CVSS 7.8 · AI score 7.2 · EPSS 0.00018
Exploits 1 · References 1
Debian CVE
added 2020/11/19 2:30 a.m. · 15 views

CVE-2020-15710

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in...

CVSS 6.1 · AI score 6.1 · EPSS 0.00035
Exploits 0
Cvelist
added 2020/11/19 2:30 a.m. · 14 views

CVE-2020-15710 Potential double-free in pulseaudio

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in...

CVSS 5.3 · AI score 6.1 · EPSS 0.00035
Exploits 0 · References 2
OpenVAS
added 2020/11/03 12:00 a.m. · 20 views

Debian: Security Advisory (DLA-2422-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 8.3 · EPSS 0.01336
Exploits 0 · References 4
Tenable Nessus
added 2020/11/02 12:00 a.m. · 219 views

Debian DLA-2422-1 : qtsvg-opensource-src security update

Malformed SVG images were able to cause a segmentation fault in qtsvg-opensource-src, the QtSvg module for displaying the contents of SVG files in Qt. For Debian 9 stretch, this problem has been fixed in version 5.7.1~20161021-2.1. We recommend that you upgrade your qtsvg-opensource-src packages...

CVSS 6.5 · AI score 6.3 · EPSS 0.01336
Exploits 0 · References 4
Debian
added 2020/10/31 8:15 p.m. · 57 views

[SECURITY] [DLA 2422-1] qtsvg-opensource-src security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2422-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk October 31, 2020 https://wiki.debian.org/LTS -...

CVSS 6.5 · AI score 7.7 · EPSS 0.01336
Exploits 0
OSV
added 2020/10/31 12:00 a.m. · 33 views

DLA-2422-1 qtsvg-opensource-src - security update

Bulletin has no description...

CVSS 6.5 · AI score 8.1 · EPSS 0.01336
Exploits 0
Positive Technologies
added 2020/10/30 12:00 a.m. · 2 views

PT-2023-25475 · Gifsicle +2

Name of the Vulnerable Software and Affected Versions: Gifsicle version 1.9.3 Description: A heap buffer overflow issue was discovered in Gifsicle via the ambiguity error component at /src/clp.c. Recommendations: For Gifsicle version 1.9.3, at the moment, there is no information about a newer...

CVSS 9.8 · AI score 9.1 · EPSS 0.00497
Exploits 3 · References 30
Tenable Nessus
added 2020/10/06 12:00 a.m. · 17 views

Fedora 32 : 1:libuv (2020-77b758d6dc)

2020.09.26, Version 1.40.0 (Stable). Changes since version 1.39.0: - udp: add UV_UDP_MMSG_FREE recv_cb flag (Ryan Liptak) - include: re-map UV_EPROTO from 4046 to -4046 (YuMeiJie) - doc: correct UV_UDP_MMSG_FREE version added (cjihrig) - doc: add uv_metrics_idle_time version metadata (Ryan Liptak) - win,tty: pass...

AI score 5.6
Exploits 0 · References 1
OpenVAS
added 2020/09/29 12:00 a.m. · 25 views

Debian: Security Advisory (DLA-2376-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.1 · EPSS 0.07128
Exploits 1 · References 4
OSV
added 2020/09/21 12:00 a.m. · 43 views

DLA-2376-1 qtbase-opensource-src - security update

Bulletin has no description...

CVSS 5.5 · AI score 6 · EPSS 0.07128
Exploits 1
Amazon
added 2020/09/04 12:00 a.m. · 79 views

Medium: python34, python35, python36

Issue Overview: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or...

CVSS 7.5 · AI score 7.9 · EPSS 0.00697
Exploits 0
Amazon
added 2020/08/05 12:00 a.m. · 41 views

Medium: python-rsa

Issue Overview: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior...

CVSS 7.5 · AI score 7.9 · EPSS 0.00098
Exploits 1
Tenable Nessus
added 2020/07/20 12:00 a.m. · 48 views

openSUSE Security Update : rust / rust-cbindgen (openSUSE-2020-933)

This update for rust, rust-cbindgen fixes the following issues: - Updated openssl-src to 1.1.1g for CVE-2020-1967. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2020-933. The text description of this...

CVSS 7.5 · AI score 8.1 · EPSS 0.60769
Exploits 2 · References 4