It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file. This module is only enabled in the nginx-extras binary package.
It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file. This module is only enabled in the nginx-extras binary package.
Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object.
Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object.
One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue.
It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass.
It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass.
Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat.
Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat.
It was discovered that SPIP, a website engine for publishing, did not correctly validate its input. This would allow authenticated users to execute arbitrary code.