Debian LTS Essential and Critical Security Patch Updates - Page 20
Find the information you need for your favorite open source distribution.
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
Denys Klymenko discovered a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX-based webmail solution for IMAP servers, which could allow a remote attacker to load arbitrary JavaScript code via a malicious text/html e-mail message with a crafted SVG document.
Multiple vulnerabilities were fixed in Ceph, a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.
It was found that D-Bus, a simple interprocess messaging system, was susceptible to a denial of service vulnerability if a monitor was being run.
It was discovered that there was an authentication bypass vulnerability in Redis, a popular key-value database similar to memcached.
Potential freeing of an uninitialized pointer in kadm_rpc_xdr.c was fixed in krb5, the MIT implementation of the Kerberos network authentication protocol.
A memory leak was found in ruby-magick, an interface between Ruby and ImageMagick, that could lead to a denial of service (DoS) by memory exhaustion.
It was discovered that there was a potential authorisation bypass vulnerability in Apache Zookeeper, a co-ordination service for reliable distributed applications.
The last update required an update to the database schema, but as Zabbix does not support upgrading the database schema if SQLite3 is used, using zabbix-proxy-sqlite3 requires the user to drop the database and recreate it with a supplied SQL template file.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or
Letian Yuan discovered a flaw in Apache Axis 1.x, a SOAP implementation written in Java. It may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
Multiple vulnerabilities were discovered in nghttp2, an implementation of the HTTP/2 protocol. CVE-2020-11080
Several vulnerabilities have been fixed in poppler, a PDF rendering library. CVE-2020-23804
Batik is a toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998
It was discovered that there was a potential code injection vulnerability in org-mode, a popular add-on for the Emacs text editor.