| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). |
| A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. |
| gnuplot is affected by a heap buffer overflow at function utf8_copy_one. |
| A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. |
| A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. |
| A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. |
| A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation. |
| A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. |
| There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. |
| A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. |
| Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. |
| Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. |
| Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25. |
| Malicious HTML content contained in the layout specification of a PDF
ticket or badge layout was executed when the PDF editor is opened in the
browser. This could allow one backend user to inject JavaScript into
the browser context of another backend user. Due to requirements of the
PDF rendering and editing libraries used, this is one of the few pages
in our backend that do not have a strong Content-Security-Policy that
would render this capability useless for most scenarios. |
| Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698. |
| A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with a URI pointing to internal services or cloud metadata endpoints. The SSRF is reflective for non-200 responses, leaking up to 256 bytes of error body content via CheckResponse error messages. Operator-managed Red Hat Quay deployments auto-configure PSK and are not exposed to the unauthenticated attack vector. |
| Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
| A flaw was found in the community.general Ansible collection's nexmo module.
The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding
API credentials (api_key and api_secret) into URL query parameters and
sending them via GET requests. This causes credentials to be exposed in web
server access logs, proxy logs, HTTP Referer headers, and network monitoring
tools, despite the Ansible argument specification marking these parameters
as no_log. An attacker with access to any of these logging or monitoring
points can obtain the full API credentials and gain unauthorized access to
the victim's Vonage/Nexmo account. |
| A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report. |
| A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant) that cause CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit. |
