Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-8669

Publication date:
15/05/2026
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.
The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-46483

Publication date:
15/05/2026
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-45736

Publication date:
15/05/2026
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2026

CVE-2026-34253

Publication date:
15/05/2026
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-38728

Publication date:
15/05/2026
An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-39052

Publication date:
15/05/2026
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-39054

Publication date:
15/05/2026
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-39053

Publication date:
15/05/2026
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML(...) or ViewXmlUtils.fromXML(...), unsafe XML processing can lead to file disclosure or SSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2025-14972

Publication date:
15/05/2026
* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat.
* KSU keys using SYMCRYPTO will be impacted by this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
15/05/2026

CVE-2025-67437

Publication date:
15/05/2026
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026

CVE-2026-46333

Publication date:
15/05/2026
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm.
And almost all users do in fact use it only for the case where the task has a mm pointer.
But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads).
It's not what this flag was designed for, but it is what it is.
The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all.
Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2026

CVE-2026-41553

Publication date:
15/05/2026
The PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed. This can lead to server compromise.
This issue was fixed in PDF Export Module version 0.7.6.
Severity CVSS v4.0: CRITICAL
Last modification:
15/05/2026