12 matches found
EUVD-2024-0906
Malicious code in bioql PyPI...
EUVD-2024-0807
Malicious code in bioql PyPI...
EUVD-2024-0914
Malicious code in bioql PyPI...
EUVD-2024-0839
Malicious code in bioql PyPI...
Fedora: Security Advisory for gitit (FEDORA-2024-b458482d48)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-28243
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...
CVE-2024-28246 KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...
CVE-2024-28244
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...
CVE-2024-28244 KaTeX's maxExpand bypassed by Unicode sub/superscripts
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...
CVE-2024-28243 KaTeX's maxExpand bypassed by \edef
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...
[SECURITY] Fedora 34 Update: gitit-0.13.0.0-5.1.fc34
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line too ls or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
[SECURITY] Fedora 31 Update: gitit-0.12.3.2-4.fc31
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line t ools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...