GHSA-x3r6-ccvq-cf5v: Anki Latex Incomplete Blocklist Vulnerability

A vulnerability exists in the handling of LaTeX in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
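The weakness class described above, shown as an added example that is not Anki's code or part of the advisory: a blocklist check accepts LaTeX that loads a package it never anticipated, while an allowlist check reports it for review. The blocklist, the allowlists, the sample cards and the `\somepackagecommand` placeholder are all assumptions constructed for illustration.

```python
import re

# Hypothetical blocklist for illustration only; this is NOT Anki's actual list.
BLOCKLIST = {"input", "include", "write", "openin", "read"}

# Hypothetical allowlists a deck reviewer might choose for math-only cards.
ALLOWED_COMMANDS = {"documentclass", "usepackage", "begin", "end",
                    "frac", "sqrt", "sum", "int", "alpha", "beta"}
ALLOWED_PACKAGES = {"amsmath", "amssymb"}
ALLOWED_ENVIRONMENTS = {"document", "equation", "align"}

CONTROL_SEQ = re.compile(r"\\([A-Za-z@]+)")
NAMED_ARG = re.compile(r"\\(usepackage|begin)\s*(?:\[[^\]]*\])?\s*\{([^}]*)\}")

def blocklist_passes(src):
    """Blocklist logic: accept unless a known-bad command name appears."""
    return not any(n in BLOCKLIST for n in CONTROL_SEQ.findall(src))

def allowlist_violations(src):
    """Allowlist logic: report every command, package or environment not approved."""
    found = {"command:" + n for n in CONTROL_SEQ.findall(src)
             if n not in ALLOWED_COMMANDS}
    for cmd, arg in NAMED_ARG.findall(src):
        allowed = ALLOWED_PACKAGES if cmd == "usepackage" else ALLOWED_ENVIRONMENTS
        found |= {cmd + ":" + item.strip() for item in arg.split(",")
                  if item.strip() not in allowed}
    return sorted(found)

# Constructed sample cards (not taken from any real deck).
BENIGN_CARD = (r"\documentclass{article}\usepackage{amsmath}"
               r"\begin{document}$\frac{1}{2}$\end{document}")
# \somepackagecommand is a made-up placeholder for a command the blocklist omits.
SUSPECT_CARD = (r"\usepackage{verbatim}\begin{document}"
                r"\somepackagecommand{x}\end{document}")

if __name__ == "__main__":
    for name, card in (("benign", BENIGN_CARD), ("suspect", SUSPECT_CARD)):
        print(name, "| blocklist passes:", blocklist_passes(card),
              "| allowlist violations:", allowlist_violations(card))
```

A text scan like this is a triage aid for shared decks rather than a full sanitizer, since TeX can construct command names at run time; anything the allowlist does not recognise should be rejected, not interpreted.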


Moderate severity • GitHub Reviewed • Published Jul 22, 2024 to the GitHub Advisory Database • Updated Jul 25, 2024
