40 matches found
Unity Linux 20.1060e / 20.1070e Security Update: exiv2 (UTSA-2026-017642)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017642 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2...
CVE-2023-34090
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...
go-libp2p Resource Management Error Vulnerability
go-libp2p is the libp2p implementation in Go. A resource management error vulnerability exists in go-libp2p 0.27.3 and earlier versions, which stems from a vulnerability that allows an attacker to store an arbitrary amount of data in a remote node's memory using signed peer records...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure due to using an external library which, by default, allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database...
Design/Logic Flaw
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...
CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...
PT-2023-23967 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7; Decidim versions prior to 0.27.3. Description: The external link feature in Decidim is susceptible to cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...
PT-2023-24662 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7; Decidim versions prior to 0.27.3. Description: The processes filter feature in Decidim is susceptible to cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...
Decidim Information Disclosure Vulnerability
Decidim is a participatory democracy framework written in Ruby on Rails. An information disclosure vulnerability exists in versions of Decidim prior to 0.27.3, which stems from allowing all data attributes and associations to be filtered, allowing an unauthenticated, remote attacker to steal...
SUSE CVE-2021-29463
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...
SUSE CVE-2021-31292
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
PT-2022-24241 · Hashicorp · Hashicorp Consul Template
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul Template versions 0.27.2 and earlier, 0.28.2 and earlier, 0.29.1 and earlier. Description: The issue concerns the potential exposure of Vault secrets in error messages returned by the template.Template.Execute method when a...
Exiv2 Heap Buffer Overflow Vulnerability (CNVD-2021-62190)
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. jp2image.cpp in Exiv2 version 0.27.3 is vulnerable to a heap buffer overflow. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...
DEBIAN-CVE-2021-31292
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
CVE-2021-31292
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
CVE-2021-31292
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
PYSEC-2021-877
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
Integer overflow
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
CVE-2021-31292
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DoS) via crafted metadata...
Exiv2 Input Validation Error Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability exists in CrwMap::encode0x1810 in Exiv2 version 0.27.3. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...