GHSA-x3r6-ccvq-cf5v: Anki Latex Incomplete Blocklist Vulnerability
A vulnerability exists in the handling of Latex in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
Moderate severity • GitHub Reviewed • Published Jul 22, 2024 to the GitHub Advisory Database • Updated Jul 25, 2024
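The failure mode described above, as an added example (not Anki's code and not taken from the advisory): a command blocklist passes a card whose preamble loads `verbatim`, while a package allowlist flags it. The command list, the package allowlist, the function names and the sample card are all constructed assumptions.

```python
import re

# Constructed command blocklist for illustration; NOT Anki's actual list.
BLOCKED_COMMANDS = {"input", "include", "write18", "openin", "openout"}

# Assumed allowlist: the only packages a shared deck may load.
ALLOWED_PACKAGES = {"amsmath", "amssymb", "amsfonts"}

# A control sequence: backslash, letters, optional trailing digits (write18).
_COMMAND = re.compile(r"\\([A-Za-z]+\d*)")
# \usepackage[opts]{a,b} and \RequirePackage[opts]{a,b}
_LOADER = re.compile(
    r"\\(?:usepackage|RequirePackage)\s*(?:\[[^\]]*\])?\s*\{([^}]*)\}"
)


def blocklist_hits(tex):
    """Blocklist approach: report only commands that are explicitly listed."""
    used = {m.group(1) for m in _COMMAND.finditer(tex)}
    return sorted(used & BLOCKED_COMMANDS)


def unapproved_packages(tex):
    """Allowlist approach: report every loaded package that is not approved."""
    loaded = set()
    for m in _LOADER.finditer(tex):
        loaded.update(p.strip() for p in m.group(1).split(",") if p.strip())
    return sorted(loaded - ALLOWED_PACKAGES)


def review_card(tex):
    """Run both checks so the gap between them is visible."""
    return {
        "blocked_commands": blocklist_hits(tex),
        "unapproved_packages": unapproved_packages(tex),
    }


# Constructed sample card: loads verbatim but uses none of its commands.
SAMPLE_CARD = r"""\documentclass{article}
\usepackage{amsmath, verbatim}
\begin{document}
$x^2$
\end{document}"""

if __name__ == "__main__":
    print(review_card(SAMPLE_CARD))
```

Pattern matching on LaTeX source is a lint-level check, not a sandbox; it is useful for triaging shared decks before they are rendered.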