16 matches found
CVE-2026-23781
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...
CVE-2026-1519 affecting package bind for versions less than 9.20.21-1
CVE-2026-1519 affecting package bind for versions less than 9.20.21-1. An upgraded version of the package is available that resolves this issue...
sharp 路径遍历漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of various sizes. Versions of Sharp prior to 9.20.0 contained a path traversal vulnerability, which stemmed from improper handling of...
Fedora 43 : bind9-next (2026-b31c8d8e83)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b31c8d8e83 advisory. Update to 9.21.17 rhbz2415843 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 New Features: - Add support for Extende...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-48428
Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...
EUVD-2025-35647
Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...
EUVD-2019-13459
Malware in sbrugna...
PT-2025-37945
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: A path traversal in Control-M/Agent can lead to local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts out-of-support...
CVE-2025-25111 WordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP Spell Check WP Spell Check wp-spell-check allows Cross Site Request Forgery.This issue affects WP Spell Check: from n/a through = 9.21...
CA Unified Infrastructure Management Buffer Overflow Vulnerability
CA Unified Infrastructure Management is a unified IT monitoring solution that helps organizations deliver reliable, flexible IT services. A buffer overflow vulnerability exists in the robot component in CA Unified Infrastructure Management 9.20 and earlier. A remote attacker could exploit this...
Artifex Software Ghostscript 'gs_makewordimagedevice' Function Denial of Service Vulnerability
Artifex Software Ghostscript is an open source PostScript parser from Artifex Software, which displays Postscript files and prints them on non-Postscript printers. A security vulnerability exists in the 'gsmakewordimagedevice' function in the base/gsdevmem.c file in Artifex Software Ghostscript...
Artifex Software Ghostscript 'intersect' function denial of service vulnerability
Artifex Software Ghostscript is an open source PostScript parser from Artifex Software, which displays Postscript files and prints them on non-Postscript printers. A security vulnerability exists in the 'intersect' function of the base/gxfill.c file in Artifex Software Ghostscript version 9.20. A...
Artifex Software Ghostscript 'pdf14_open' Function Denial of Service Vulnerability
Artifex Software Ghostscript is an open source PostScript parser from Artifex Software, which displays Postscript files and prints them on non-Postscript printers. A security vulnerability exists in the 'pdf14open' function in the base/gdevp14.c file in Artifex Software Ghostscript version 9.20. ...
DEBIAN-CVE-2016-10219
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted file...
7zip denial of service vulnerability
7zip is a set of 7-Zip data compression program software. The program can compress and decompress files in 7z format. A security vulnerability exists in the 'CInArchive::ReadFileItem' method in the Archive/Udf/UdfIn.cpp file in 7zip version 9.20 and 15.05 beta. A remote attacker can exploit this...