1179 matches found
CVE-2024-25445
Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure...
kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service...
kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup() causes the refcount to drop twice, leading to a possible crash and a denial of service...
The vulnerability of the JoltTransform component in the Apache NiFi data processing platform allows attackers to execute cross-site scripting attacks.
The vulnerability of the JoltTransform component in the Apache NiFi data processing platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the server.transformIndexHtml() function on the local development server of the Vite application allows attackers to perform cross-site scripting attacks.
The vulnerability of the server.transformIndexHtml function on the local development server of the Vite application is related to the lack of measures taken to neutralize HTML tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
PT-2023-7610
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 4.4.12, Vite versions prior to 4.5.1, Vite versions prior to 5.0.5. Description: The issue is related to Vite's HTML transformation when invoked manually via server.transformIndexHtml. If the original request URL is passed i...
PT-2023-8404 · Htmlunit · Htmlunit
Name of the Vulnerable Software and Affected Versions: HtmlUnit versions prior to 3.9.0. Description: HtmlUnit is a GUI-less browser for Java programs that is vulnerable to Remote Code Execution (RCE) via XSLT when browsing an attacker's webpage. The reason for the vulnerability is that the FEATURE...
org.apache.nifi:nifi-kafka-connector-tests (>=1.14.0 <=1.23.2), org.apache.nifi:nifi-standard-nar (>=1.14.0 <=1.15.3) +4 more potentially affected by CVE-2023-49145 via org.apache.nifi:nifi-jolt-transform-json-ui (>=1.14.0 <=1.23.2)
org.apache.nifi:nifi-jolt-transform-json-ui MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.15.0, =1.14.0, =1.23.2 - org.apache.plc4x:plc4j-nifi-plc4x-nar =0.10.0 - org.apache.plc4x:plc4j-nifi-plc4x-processors =0.10.0 Source cves: CVE-2023-49145 Source advisory: OSV:GHSA-68PR-6FJC-WMGM...
Apache NiFi cross-site scripting vulnerability
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
PT-2023-30251 · International Color Consortium · Demoiccmax
Name of the Vulnerable Software and Affected Versions: libIccProfLib2 version 2.1.15 International Color Consortium DemoIccMAX version 79ecb74 Description: The issue is related to a NULL pointer dereference in the CIccXformMatrixTRC::GetCurve method within the IccCmm.cpp file. This occurs when...
SUSE CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
Debian DSA-5528-1 : node-babel7 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5528 advisory. - Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile...
UBUNTU-CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
Code injection
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-45133
CVE-2023-45133 affects Babel’s traversal layer. The issue allows arbitrary code execution during compilation when compiling code crafted by an attacker via plugins that rely on path.evaluate() or path.evaluateTruthy(). Affected in: @babel/traverse prior to 7.23.2 and 8.0.0-alpha.4, and all versio...
Holehe - Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function
Holehe Online Version Summary Efficiently finding registered accounts from emails. Holehe checks if an email is attached to an account on sites like twitter, instagram, imgur and more than 120 others. Retrieves information using the forgotten password function. Does not alert the target email. Ru...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DFT files...