26 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-26942

Malware in sbrugna...

CVSS 9.1 · AI score 8.9 · EPSS 0.00093
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2021-7308

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 7.4 · EPSS 0.014
Exploits 0 · References 14

Tenable Nessus
added 2025/09/29 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-11014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file...

CVSS 7.8 · AI score 5.9 · EPSS 0.00034
Exploits 1 · References 3

CVE
added 2025/09/26 1:32 p.m. · 17 views

CVE-2025-11015

OGRECave Ogre up to 14.4.1 is affected. The vulnerability impacts STBIImageCodec::encode in OgreSTBICodec.cpp and stems from mismatched memory management routines. The issue enables local exploitation, and public PoCs/exploits are available. Affected products are OGRECave Ogre; the vulnerability ...

CVSS 5.3 · AI score 6.1 · EPSS 0.00017
Exploits 0 · References 5

Vulnrichment
added 2025/09/26 12:2 p.m. · 2 views

CVE-2025-11014 OGRECave Ogre Image OgreSTBICodec.cpp encode heap-based overflow

A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible...

CVSS 5.3 · AI score 6.3 · EPSS 0.00034
Exploits 1 · References 5

Cvelist
added 2025/09/26 12:2 p.m. · 8 views

CVE-2025-11014 OGRECave Ogre Image OgreSTBICodec.cpp encode heap-based overflow

A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible...

CVSS 5.3 · EPSS 0.00034
Exploits 1 · References 5

OSV
added 2024/03/06 11:17 a.m. · 20 views

BIT-GITLAB-2021-39909

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...

CVSS 5.3 · AI score 5.4 · EPSS 0.00049
Exploits 0 · References 4

Tenable Nessus
added 2023/09/08 12:0 a.m. · 37 views

Amazon Linux 2 : sox, --advisory ALAS2-2023-2231 (ALAS-2023-2231)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2231 advisory. A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsxreadwbuf in formatsi.c file. The...

CVSS 9.1 · AI score 6.9 · EPSS 0.00221
Exploits 5 · References 20

OpenVAS
added 2022/11/24 12:0 a.m. · 10 views

XWiki 3.2M2 < 13.10.7, 14.x < 14.4.1 CSRF Vulnerability (GHSA-mq7h-5574-hw9f)

Xwiki is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 7.4 · AI score 7.1 · EPSS 0.00864
Exploits 0 · References 1

NVD
added 2022/11/23 7:15 p.m. · 12 views

CVE-2022-41927

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the pag...

CVSS 7.4 · EPSS 0.00864
Exploits 0 · References 2

Cvelist
added 2022/11/23 12:0 a.m. · 14 views

CVE-2022-41927 XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the pag...

CVSS 7.4 · AI score 7.8 · EPSS 0.00864
Exploits 0 · References 2

OpenVAS
added 2022/06/09 12:0 a.m. · 16 views

GitLab 0.8.x < 14.2.6, 14.3.x < 14.3.4, 14.4.x < 14.4.1 Code Injection Vulnerability.

GitLab is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

CVSS 7.5 · AI score 7.8 · EPSS 0.0018
Exploits 0 · References 1

OSV
added 2022/05/02 7:15 p.m. · 4 views

CVE-2021-3643

A flaw was found in sox 14.4.1. The lsxadpcminit function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information...

CVSS 9.1 · AI score 8.8
Exploits 0 · References 1

Prion
added 2022/05/02 7:15 p.m. · 17 views

Buffer overflow

A flaw was found in sox 14.4.1. The lsxadpcminit function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information...

CVSS 6.4 · AI score 8.6 · EPSS 0.00093
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2022/02/01 12:0 a.m. · 53 views

GLSA-202202-01 : WebkitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202202-01 WebkitGTK+: Multiple vulnerabilities - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave,...

CVSS 9.8 · AI score 6.8 · EPSS 0.01936
Exploits 9 · References 58

Prion
added 2021/11/05 12:15 a.m. · 14 views

Improper access control

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...

CVSS 4 · AI score 4.5 · EPSS 0.00219
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/11/04 11:16 p.m. · 12 views

CVE-2021-39911

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...

CVSS 1.7 · AI score 5.1 · EPSS 0.00219
Exploits 0 · References 2

Positive Technologies
added 2021/11/04 12:0 a.m. · 2 views

PT-2021-22759 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.2.6 GitLab CE/EE versions 14.3 through 14.3.3 GitLab CE/EE versions 14.4 through 14.4.0 Description: The issue involves the accidental logging of the system root password in the migration log. This allows an...

CVSS 7.2 · AI score 6.3 · EPSS 0.0006
Exploits 0 · References 10

Positive Technologies
added 2021/11/04 12:0 a.m. · 3 views

PT-2021-22751 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 14.2.6 GitLab CE/EE versions 14.3 through 14.3.4 GitLab CE/EE versions 14.4 through 14.4.1 Description: The issue is related to an Improper Access Control vulnerability in the GraphQL API. This vulnerability...

CVSS 4.3 · AI score 4.2 · EPSS 0.00121
Exploits 1 · References 11

UbuntuCve
added 2021/04/02 7:15 p.m. · 45 views

CVE-2021-1844

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 v. 14610.4.3.1.7 and 15610.4.3.1.7, watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 8.8 · AI score 7.1 · EPSS 0.014
Exploits 0 · References 3