A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.
Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs
Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs
Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs
Library that uses EtherNet/IP or Modbus TCP to read and write tags in PLCs
Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. Crypt::Random::rand 1.05 through 1.55 uses the rand() function. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.
Interface to /dev/random and /dev/urandom
Interface to /dev/random and /dev/urandom
Provide strong randomness for seeding
Provide strong randomness for seeding
Get weak or strong random data from pluggable sources
Random numbers using timer/schedule entropy, aka userspace voodoo entropy
Get weak or strong random data from pluggable sources
Random numbers using timer/schedule entropy, aka userspace voodoo entropy
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allows potential escalation from mailman to rootThis issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.
Django library for Mailman UIs
Django library for Mailman UIs
An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.
Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1.
Easy p2p file sending program
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
Open-source JPEG 2000 codec written in C language
A J2K and JP2 plugin for pylibjpeg
A J2K and JP2 plugin for pylibjpeg
A J2K and JP2 plugin for pylibjpeg
A J2K and JP2 plugin for pylibjpeg