
Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code.

Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.


Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally, an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected groupchat.


It was reported that cairosvg, an SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of external files is disabled by default with this update.


A vulnerability allowing arbitrary file reads via a malformed XML payload was discovered in owslib, the Python client library for Open Geospatial web services. This issue has been addressed by always using lxml as the XML parser with entity resolution disabled.


It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code.



© SecPod Technologies