• CVE-2021-3927

    OL CVE Issue Summary:

    heap-based buffer overflow in `utf_ptr2char()` in `mbyte.c`
    Heap use-after-free in `nv_replace()`
    Heap use-after-free in `nv_replace()`
    Illegal memory access when C-indenting
    heap-buffer-overflow in `inc()` (`misc2.c`).

    CVE-2021-3927
    CentOS 7
    vim-7.4.629-8_ol005.el7
    vim-7.4.629-8_ol005.el7
    7.3

  • New Bootstrap Vulnerabilities to Watch

    In this blog, our expert reports on recently disclosed vulnerabilities affecting Bootstrap 3 and Bootstrap 4, which are end of life.

  • CVE-2022-23990

    OL CVE Issue Summary:

    Invoking `XML_Parse` before `rand()` results in non-random, predictable output
    Little entropy used for hash initialization
    Integer overflow in `doProlog()`
    `XML_ParseBuffer()` in `xmlparse.c` does not reject a negative length.
     

    CVE-2022-23990
    CentOS 7
    expat-2.1.0-15_ol006.el7
    expat-2.1.0-15_ol006.el7
    7.5

  • CVE-2012-6702

    OL CVE Issue Summary:

    Invoking `XML_Parse` before `rand()` results in non-random, predictable output
    Little entropy used for hash initialization
    Integer overflow in `doProlog()`
    `XML_ParseBuffer()` in `xmlparse.c` does not reject a negative length.

     

    CVE-2012-6702
    CentOS 7
    expat-2.1.0-15_ol006.el7
    expat-2.1.0-15_ol006.el7
    5.9

  • CVE-2016-5300

    OL CVE Issue Summary:

    Invoking `XML_Parse` before `rand()` results in non-random, predictable output
    Little entropy used for hash initialization
    Integer overflow in `doProlog()`
    `XML_ParseBuffer()` in `xmlparse.c` does not reject a negative length.

    CVE-2016-5300
    CentOS 7
    expat-2.1.0-15_ol006.el7
    expat-2.1.0-15_ol006.el7
    7.5

  • Introducing Bootstrap LTS From OpenLogic

    Bootstrap LTS from OpenLogic allows you to stay on Bootstrap 3 or 4 through 2030. Get information about Bootstrap releases, end of life, and long-term support.

  • Bootstrap Framework Basics

    In this blog, our expert gives an overview of the popular Bootstrap framework, explaining key features and use cases, and support options for those running Bootstrap 3 or 4, which are

  • Bootstrap Best Practices and Tips for Getting Started

    Discover the benefits of using Bootstrap for frontend web development in this blog with Bootstrap tips for beginners and best practices for getting started.

  • CVE-2024-8372

    NVD Listing:- NVD - CVE-2024-8372

    Bug Fixes 

    • ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitize image URLs set by $compileProvider.imgSrcSanitizationWhitelist(). 
      This patch addresses the CVE-2024-8372 vulnerability, where users could bypass image source restrictions using ng-attr-src

     

    CVE-2024-8372
    AngularJS
    1.5.13
    ng-srcset
    4.3

  • CVE-2024-8373

    NVD Listing : NVD - CVE-2024-8373

    Bug Fixes 
    ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitise image URLs set by the $compileProvider.imgSrcSanitizationWhitelist(). 
     
    This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute. 

    Notes: The HTML element and the srcset attribute are not supported by IE, unless polyfill is used.

    CVE-2024-8373
    AngularJS
    1.6.15
    ng-srcset
    4.3