32 matches found
CVE-2026-11037
CVE-2026-11037 describes an out-of-bounds write in Google Chrome's Codecs component, affecting Chrome versions prior to 149.0.7827.53. The underlying issue could allow a remote attacker to escape the sandbox via a crafted video file. The documented fix is to update to Chrome 149.0.7827.53 or newe...
CVE-2025-11037
creationtimestamp | type | source
---|---|---
2025-09-26 21:10:30+00:00 | seen | https://gist.github.com/Darkcrai86/47c69544ba63cfa96c644b0019a53f71...
CVE-2024-11037
A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...
RockyLinux 8 : exiv2 (RLSA-2020:1577)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1577 advisory. exiv2: infinite loop and hang in Jp2Image::readMetadata in jp2image.cpp could lead to DoS CVE-2019-20421 exiv2: null pointer dereference in the...
Ubuntu 16.04 ESM : PHP ImageMagick vulnerability (USN-4586-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4586-2 advisory. USN-4586-1 fixed vulnerabilities in PHP ImageMagick. This update provides the corresponding update for Ubuntu 16.04 ESM.
SUSE CVE-2018-11037
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file...
wagtail-metadata-mixin (=0.0.7), wagtailperson (>=0.9.8 <=0.10.0) potentially affected by CVE-2020-11037 via wagtail (>=2.8.0 <=2.8.1)
wagtail PYPI version =2.8.0, =0.9.8, =0.10.0 Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...
aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +100 more potentially affected by CVE-2020-11037 via wagtail (>=1.0.0 <=2.6.3)
wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.9, =5.22.3, =0.0.1, =10.1.21 and more Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...
wagtail-metadata-mixin (=0.0.7), wagtailperson (>=0.9.8 <=0.10.0) potentially affected by CVE-2020-11037 via wagtail (>=2.8.0 <=2.8.1)
wagtail PYPI version =2.8.0, =0.9.8, =0.10.0 Source cves: CVE-2020-11037 Source advisory: OSV:PYSEC-2020-153...
CVE-2020-11037
In Wagtail, a potential timing attack exists on pages or documents protected with a shared password via the Privacy controls. The password check uses a character-by-character comparison, enabling a timing analysis to potentially reveal the password when measured locally. Affected versions are bef...
CVE-2020-11037 Potential Observable Timing Discrepancy in Wagtail
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is...
ALSA-2020:1577 Moderate: exiv2 security, bug fix, and enhancement update
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 0.27.2. BZ1651917 Security Fixes: exiv2: infinite loop and hang in...
Moderate: exiv2 security, bug fix, and enhancement update
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 0.27.2. BZ1651917 Security Fixes: exiv2: infinite loop and hang in...
Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2020-1502)
The remote host is missing an update for the Huawei EulerOS...
CVE-2016-11037
CVE-2016-11037 is a reservation duplicate of CVE-2016-6604. Connected records show a NULL pointer dereference in the Samsung Exynos fimg2d driver for Android L (5.0/5.1) and M (6.0), allowing unspecified impact via unknown vectors. Affected component: Samsung Exynos fimg2d graphics driver on affe...
openSUSE: Security Advisory for php7-imagick (openSUSE-SU-2020:0014-1)
The remote host is missing an update for the...
Debian DSA-4576-1 : php-imagick - security update
An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of service, or potentially the execution of arbitrary code.
[SECURITY] [DSA 4576-1] php-imagick security update
Debian Security Advisory DSA-4576-1. https://www.debian.org/security/ Salvatore Bonaccorso, November 25, 2019. https://www.debian.org/security/faq ...
Low: exiv2
Issue Overview: An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image. By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of...
CentOS 7 : exiv2 (CESA-2019:2101)
An update for exiv2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...