CVE-2025-64776

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2021-31894

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.X All versions V9.1 SP2, SIMATIC PDM All versions V9.2 SP2, SIMATIC STEP 7 V5.X All versions V5.7, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 SP2 HF1. A directory containing...

CVE-2022-50685

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers...

CVE-2022-50685 Kentico Xperience <= 13.0.56 File Upload Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers...

CVE-2022-50685

CVE-2022-50685 is a stored XSS vulnerability in Kentico Xperience. Authenticated users can upload XML files as page attachments or metafiles to trigger stored XSS, executing scripts in other users’ browsers. Multiple connected sources confirm the vulnerability in Kentico Xperience and describe XM...

PT-2025-52307

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Authenticated users can inject malicious scripts through XML file uploads, specifically when used as page attachment...

Siemens SIMATIC PCS 7 Security Bypass Vulnerability

Siemens SIMATIC PCS 7 is a process control system from Siemens, Germany. A security vulnerability exists in Siemens SIMATIC PCS 7, which can be exploited by an attacker to alter the contents of certain metafiles...

PT-2021-19569 · Siemens · Sinamics Starter +3

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 and earlier SIMATIC PCS 7 versions prior to V9.1 SP2 SIMATIC PDM versions prior to V9.2 SP2 SIMATIC STEP 7 versions prior to V5.7 SINAMICS STARTER versions prior to V5.4 SP2 HF1 Description: A vulnerability has bee...

GHSA-523C-XH4G-MH5M Denial of Service in Apache POI

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: - Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294 - Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...

[SECURITY] Fedora 31 Update: libEMF-1.0.13-1.fc31

libEMF is a library for generating Enhanced Metafiles on systems which don't natively support the ECMA-234 Graphics Device Interface GDI. The library is intended to be used as a driver for other graphics programs such as Grace or gnuplot. Therefore, it implements a very limited subset of the GDI...

[SECURITY] Fedora 31 Update: libEMF-1.0.12-1.fc31

libEMF is a library for generating Enhanced Metafiles on systems which don't natively support the ECMA-234 Graphics Device Interface GDI. The library is intended to be used as a driver for other graphics programs such as Grace or gnuplot. Therefore, it implements a very limited subset of the GDI...

libEMF Denial of Service Vulnerability (CNVD-2020-28251)

libEMF is a library for generating enhanced metafiles. A security vulnerability exists in libEMF 1.0.11 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service...

libEMF Resource Management Error Vulnerability

libEMF is a library for generating enhanced metafiles. A resource management error vulnerability exists in libEMF 1.0.11 and earlier versions. The vulnerability stems from mismanagement of system resources e.g., memory, disk space, files, etc. by a networked system or product. No detailed...

poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...

Microsoft Windows Multiple Vulnerabilities (KB4022719)

This host is missing a critical security update according to Microsoft KB4022719 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3837-1 : libreoffice - security update

It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

[SECURITY] [DSA 3837-1] libreoffice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3837-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2017 https://www.debian.org/security/faq -...

ConfigStoreRootPath Cluster Parameter Is Not Defined

Challenge This article describes how to fix the warning/error "ConfigStoreRootPath cluster parameter is not defined" appearing in the following situations: When attempting to add a Windows Server 2016 and later Hyper-V cluster to the Veeam Backup & Replication Console. When attempting to backup a...

libwmf: heap overflow within the RLE decoding of embedded BMP images

It was discovered that libwmf did not correctly process certain WMF Windows Metafiles with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileg...

libwmf: heap overflow when decoding BMP images

It was discovered that libwmf did not correctly process certain WMF Windows Metafiles containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges ...