
358 matches found

Fedora
added 2024/03/23 12:45 a.m. · 31 views

[SECURITY] Fedora 40 Update: qpdf-11.9.0-1.fc40

QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...

5.5 CVSS · 7 AI score · 0.00088 EPSS
Exploits 1
OpenVAS
added 2024/03/11 12:0 a.m. · 15 views

Fedora: Security Advisory (FEDORA-2024-8762164e47)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS · 5.5 AI score · 0.00088 EPSS
Exploits 1 · References 4
Fedora
added 2024/03/10 1:7 a.m. · 29 views

[SECURITY] Fedora 39 Update: qpdf-11.6.4-2.fc39

QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...

5.5 CVSS · 7.3 AI score · 0.00088 EPSS
Exploits 1
Fedora
added 2024/03/07 10:33 p.m. · 30 views

[SECURITY] Fedora 40 Update: objectweb-asm-9.6-5.fc40

ASM is an all purpose Java bytecode manipulation and analysis framework. It can be used to modify existing classes or dynamically generate classes, directly in binary form. Provided common transformations and analysis algorithms allow to easily assemble custom complex transformations and code...

8.8 CVSS · 7 AI score · 0.45835 EPSS
Exploits 3
Fedora
added 2024/01/18 1:47 a.m. · 27 views

[SECURITY] Fedora 39 Update: golang-x-text-0.14.0-1.fc39

Text is a repository of text-related packages related to internationalization i18n and localization l10n, such as character encodings, text transformations, and locale-specific text handling...

7.5 CVSS · 7.3 AI score · 0.00331 EPSS
Exploits 0
Fedora
added 2024/01/18 1:26 a.m. · 35 views

[SECURITY] Fedora 38 Update: golang-x-text-0.14.0-1.fc38

Text is a repository of text-related packages related to internationalization i18n and localization l10n, such as character encodings, text transformations, and locale-specific text handling...

7.5 CVSS · 7.3 AI score · 0.00331 EPSS
Exploits 0
BDU FSTEC
added 2023/12/01 12:0 a.m. · 1 views

The vulnerability of the RVTools virtualization audit application, related to errors in cryptographic transformations, allows unauthorized access to protected information.

The vulnerability of the RVTools virtualization audit application is related to errors in cryptographic transformations. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS · 7.2 AI score · 0.00084 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/11/16 12:0 a.m. · 3 views

PT-2023-6956 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions below 9.0.7 and 9.1.2 Description: The issue is related to the improper sanitization of extensible stylesheet language transformations XSLT supplied by users in Splunk Enterprise. This allows an attacker to upload...

8.8 CVSS · 9.9 AI score · 0.87861 EPSS
Exploits 4 · References 37
Gentoo Linux
added 2023/10/31 12:0 a.m. · 54 views

libxslt: Multiple Vulnerabilities

Background libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact Please review th...

8.8 CVSS · 7.2 AI score · 0.00084 EPSS
Exploits 0
SUSE CVE
added 2023/02/15 5:57 a.m. · 3 views

SUSE CVE-2010-3019

Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service application crash or hang via vectors related to HTML5 canvas painting operations that occur during the application of transformations...

9.3 CVSS · 8.3 AI score · 0.03533 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:32 a.m. · 3 views

SUSE CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

7.5 CVSS · 9.4 AI score · 0.28907 EPSS
Exploits 0 · References 9
Jake Archibald's Blog
added 2022/09/30 1:0 a.m. · 14 views

Drawing a star with DOMMatrix

I recently recorded an episode of HTTP 203 on DOMPoint and DOMMatrix. If you'd rather watch the video version, here it is, but come back here for some bonus details on a silly mistake I made, which I almost got away with. DOMMatrix lets you apply transformations to DOMPoints. I find these APIs...

7.2 AI score
Exploits 0
RedHat Linux
added 2022/08/24 9:43 p.m. · 3 views

Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...

8.8 CVSS · 7.2 AI score · 0.00251 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/08/24 9:43 p.m. · 4 views

Mozilla: Address bar spoofing via XSLT error handling

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data...

6.5 CVSS · 7.2 AI score · 0.0017 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/08/24 7:7 p.m. · 3 views

Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...

8.8 CVSS · 7.2 AI score · 0.00251 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/08/24 7:7 p.m. · 2 views

Mozilla: Address bar spoofing via XSLT error handling

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data...

6.5 CVSS · 7.2 AI score · 0.0017 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/08/24 5:25 p.m. · 4 views

Mozilla: Address bar spoofing via XSLT error handling

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data...

6.5 CVSS · 7.2 AI score · 0.0017 EPSS
Exploits 0 · References 5
OpenVAS
added 2022/08/01 12:0 a.m. · 9 views

Fedora: Security Advisory for golang-x-text (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2
Fedora
added 2022/07/31 1:37 a.m. · 16 views

[SECURITY] Fedora 36 Update: golang-x-text-0.3.7-4.fc36

Text is a repository of text-related packages related to internationalization i18n and localization l10n, such as character encodings, text transformations, and locale-specific text handling...

7.3 AI score
Exploits 0
RedHat Linux
added 2022/07/21 3:4 p.m. · 6 views

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5 CVSS · 7 AI score · 0.10953 EPSS
Exploits 2 · References 4