Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)
According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...
GitLab 9.2.x - 10.4.6, 10.5.x - 10.5.6, 10.6.x - 10.6.2 XSS Vulnerability
GitLab is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
MariaDB Multiple Vulnerabilities (Jul/Nov 2021) - Windows
MariaDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if description...
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2019-19959 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the mishandling of certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames. By using a...
CVE-2018-10379
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability...
VLC Media Player <= 1.0.6 (.avi) - Media File Crash PoC
No description provided by source. #!/usr/bin/python VLC Media Player <=1.0.6 Malformed Media File Crash PoC Found By: DrIDE Tested: Windows 7, Ubuntu 9, OSX 10.6.X Download: http://www.videolan.org Notes: Register overwrites seem very unpredictable at best... Greets: Offsec and Corelan Teams...
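Apple Mac OS X CoreMedia H.264 Encoded Video File Buffer Overflow Vulnerability
BUGTRAQ ID: 50068 CVE ID: CVE-2011-3219 Mac OS X is the operating system used by Apple's family of machines. Apple Mac OS X has a buffer overflow vulnerability in its implementation; it affects the CoreMedia component and allows an attacker to execute arbitrary code with the privileges of the current user. When the Sequence Parameter Set data of an H.264 stream is parsed, the frame cropping offset fields are read; when these fields contain invalid data, QuickTime ends up writing outside the buffer allocated for the video stream, resulting in arbitrary code execution. Apple Mac OS X 10.x Apple MacOS X Server 10.6.x Vendor patch: Apple -----...
Apple Mac OS X Keychain Certificate Settings Security Restriction Bypass Vulnerability
BUGTRAQ ID: 49429 Mac OS X is the general name for the operating system software of Apple Macintosh computers. Mac OS X has a security restriction bypass vulnerability in its Keychain certificate settings; a remote attacker can exploit it to bypass the Keychain security settings through a man-in-the-middle attack. Even if the user has marked the root CA trust setting in Keychain Access as "Never Trust", the Mac OS X operating system still accepts Extended Validation certificates as valid. Apple Mac OS X 10.6.x Apple MacOS X Server 10.6.x Vendor patch: Apple -----...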
Design/Logic Flaw
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file...
Integer overflow
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file...
Heap overflow
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive...
CVE-2010-3788
This CVE (CVE-2010-3788) affects Apple QuickTime on Mac OS X 10.6.x prior to 10.6.5. The issue is an uninitialized memory access in the processing of JP2 images, which can allow a remote attacker to cause arbitrary code execution or a denial of service by crafted JP2 files. According to the provi...
CVE-2010-3796
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications...
CVE-2010-3797
CVE-2010-3797: XSS in Wiki Server for Mac OS X Server (10.5.8 and 10.6.x prior to 10.6.5). A remote authenticated user can inject arbitrary script/HTML via wiki page editing. The issue is mitigated by applying the Mac OS X 10.6.5 Security Update (Security Update 2010-007) which includes input val...
CVE-2010-3798
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive...
CVE-2010-3792
CVE-2010-3792 is a QuickTime vulnerability in MPEG-encoded movie file handling. A signedness error in QuickTime’s MPEG parsing could allow either an application crash or arbitrary code execution when processing a crafted movie file. The issue affected Mac OS X and related QuickTime components pri...
CVE-2010-3792
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file...
Information disclosure
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume...
Stack overflow
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...
Buffer overflow
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation...