8 matches found
CVE-2026-54059
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...
HarfBuzz 安全漏洞
HarfBuzz is HarfBuzz open source a text engine for OpenType fonts. HarfBuzz version before 12.3.0 has a security vulnerability , the vulnerability stems from the SubtableUnicodesCache::create function does not check the hbmalloc return value , which may lead to null pointer dereferencing and...
Linux Distros Unpatched Vulnerability : CVE-2015-5791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service...
SUSE CVE-2015-5817
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and...
PT-2022-15592 · Apple · Ios +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.4 iPadOS versions prior to 15.4 macOS Monterey versions prior to 12.3 Description: The issue allows a user to send audio and video in a FaceTime call without their knowledge. This is due to inadequate checks that have...
CVE-2021-1099
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affect...
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...
Zoho ManageEngine OpManager SQL Injection Vulnerability (CNVD-2018-22525 )
Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software from Zoho. A SQL injection vulnerability exists in Zoho ManageEngine OpManager version 123222 prior to 12.3, which can be exploited by an attacker to obtain sensitive information about a database...