15 matches found
EUVD-2025-209828
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2025-27850
CVE-2025-27850 affects Garmin WDU servers (versions v1 1.4.6 and v2 5.0). A symlink attack is possible when a malicious graphics package containing symlinks is uploaded; the web server follows the provided links while serving content, and there are no restrictions on link targets. This allows an ...
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
Malicious Package
Overview @ba-ui-toolkit/ba-graphics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Vulnerability of the Microsoft Office Graphics Package components in Microsoft Office programs, allowing a hacker to execute arbitrary code
The vulnerability of the Microsoft Office Graphics Package components in Microsoft Office products is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Vulnerability of the Microsoft Office Graphics Package components in Microsoft Office programs, allowing a hacker to execute arbitrary code
The vulnerability of the Microsoft Office Graphics Package components in Microsoft Office products is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
DEBIAN-CVE-2022-43043
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BDCheckSFTimeOffset at /bifs/fielddecode.c...
Cross-site scripting vulnerability in Import Files function of multiple Siemens products
Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...
CVE-2022-40178
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
CVE-2022-40178
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
Vulnerability of the Microsoft Office Graphics Package components in Microsoft Office programs, allowing a hacker to execute arbitrary code
The vulnerability of the Microsoft Office Graphics Package components in Microsoft Office products is related to access to resources through incompatible types. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user...
The vulnerability in the Microsoft Office Graphics package of the Microsoft 365 Apps for Enterprise software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Office Graphics Package components in Microsoft 365 Apps for Enterprise lies in the lack of protection for sensitive data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability affects components of Microsoft Office Graphics packages, Microsoft Office programs, Microsoft 365 Apps for Enterprise, and Microsoft Word, allowing attackers to execute arbitrary code.
The vulnerability of components of the Microsoft Office Graphics package, as well as Microsoft Office and Microsoft 365 Apps for Enterprise, is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by opening a specially created file...
Vulnerabilities of the Red Hat Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the kdegraphics-2.2.2 package of the Red Hat Linux operating system can be exploited, leading to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
DSA-182 kdegraphics - buffer overflow
Bulletin has no description...