USN-6291-1 gstreamer1.0 vulnerability
Hanno Böck discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...
libxml2: Hashing of empty dict strings isn't deterministic
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...
Oracle Linux 8 : libxml2 (ELSA-2023-4529)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4529 advisory. - Fix CVE-2023-28484 2185994 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
CVE-2023-39342
Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...
Design/Logic Flaw
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...
The vulnerability of the firmware of ASUS RT-AC86U and RT-AX56U Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of ASUS’ Wi-Fi router software, RT-AC86U and RT-AX56U, is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Malicious code in stranger-strings-functions (npm)
Source: ossf-package-analysis 0eb204bfcf29270cc49274f3388170c77d866c2f6e0a88d4336c01732a365768 The OpenSSF Package Analysis project identified 'stranger-strings-functions' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2023-2514)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...
The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server, related to the use of uncontrolled format strings, allows attackers to execute arbitrary code.
The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to the use of uncontrolled format strings. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially...
CVE-2023-35067
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...
Design/Logic Flaw
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...
CVE-2023-35067 Plaintext Storage of a Password in Infodrom Software's E-Invoice Approval System
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701...
Infodrom Software E-Invoice Approval System security vulnerability
Infodrom Software E-Invoice Approval System is an electronic invoice approval system from Infodrom Software, Turkey. A security vulnerability exists in Infodrom Software E-Invoice Approval System prior to version v.20230701, which stems from a plaintext stored password vulnerability that allows...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2392)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...
Code injection
zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings (i.e. system) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2321)
The remote host is missing an update for the Huawei EulerOS...