Django: SQL injection in JSONField KeyTransform

A vulnerability was discovered in the JSONField KeyTransform functionality of Django. The vulnerability allowed SQL injection attacks by crafting malicious user input for the .values method. The vulnerability was demonstrated in the Django test suite, where a SQL syntax error was triggered by...

python-pillow: buffer overflow in _imagingcms.c

A flaw was found in Pillow. The cmstransformnew function in src/imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service...

PT-2024-12776 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd module affected versions not specified Description: A flaw was found in the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of...

CVE-2024-3319

An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...

SUSE CVE-2024-26980

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2allocaterspbuf If -ProtocolId is SMB2TRANSFORMPROTONUM, smb2 request size validation could be skipped. if request size is smaller than sizeofstruct smb2queryinforeq, slab-out-of-bounds read ca...

CVE-2024-3047

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web...

WordPress plugin PDF Invoices & Packing Slips for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. A security vulnerability exists i...

DEBIAN-CVE-2024-26980

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2allocaterspbuf If -ProtocolId is SMB2TRANSFORMPROTONUM, smb2 request size validation could be skipped. if request size is smaller than sizeofstruct smb2queryinforeq, slab-out-of-bounds read ca...

UBUNTU-CVE-2024-26980

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2allocaterspbuf If -ProtocolId is SMB2TRANSFORMPROTONUM, smb2 request size validation could be skipped. if request size is smaller than sizeofstruct smb2queryinforeq, slab-out-of-bounds read ca...

CVE-2024-26980

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2allocaterspbuf If -ProtocolId is SMB2TRANSFORMPROTONUM, smb2 request size validation could be skipped. if request size is smaller than sizeofstruct smb2queryinforeq, slab-out-of-bounds read ca...

OESA-2024-1308 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin...

PT-2024-22478 · Freeimage +1 · Freeimage +1

Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 Description: The issue allows a local attacker to cause a denial of service DoS via the opj j2k read mct function when reading images in J2K format. Recommendations: For FreeImage version 3.19.0, consider disabling th...

Astropy Security Breach

Astropy is a Python astronomy project designed to promote interoperability between Python astronomy packages. A security vulnerability exists in Astropy version 5.3.2, which stems from an improper input validation issue in the function TranformGraph.todotgraph, leading to a remote code execution...

[SECURITY] Fedora 40 Update: jakarta-json-2.1.3-4.fc40

Jakarta JSON Processing provides portable APIs to parse, generate, transform, and query JSON documents...

GHSA-FQG8-VFV7-8FJ8 JSONata expression can pollute the "Object" prototype

Impact In JSONata versions = 1.4.0, = 2.0.0, = 1.8.7 and = 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. The following patch can be applied if updating is not possible. patch --- a/src/jsonata.js +++ b/src/jsonata.js @@ -1293,6 +1293,13 @@...

Improper Input Validation

hugin is vulnerable to Improper Input Validation. The vulnerability is due to the mishandling of values in the HuginBase::PTools::Transform::transfor function. This could lead to assertion failure...

SUSE CVE-2024-25445

Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure...

CVE-2024-25445

Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure...

DEBIAN-CVE-2024-25445

Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure...

UBUNTU-CVE-2024-25445

Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure...