Lucene search

18 matches found

Tenable Nessus
added 2026/04/21 12:00 a.m. · 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013222 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound. Klocwork reports array 'vha->host_str' of size 16 ma...

AI score 6.4 · EPSS 0.00029
Exploits 0 · References 4
CNNVD
added 2026/03/18 12:00 a.m. · 2 views

jsPDF Cross-Site Scripting Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient control over the options parameter of the output function, allowing attackers to inject...

CVSS 9.6 · AI score 5.8 · EPSS 0.00051
Exploits 0 · References 4
Positive Technologies
added 2025/08/27 12:00 a.m. · 3 views

PT-2025-34929 · O2Oa · O2Oa

Name of the Vulnerable Software and Affected Versions: O2OA version 9.0.3. Description: O2OA version 9.0.3 contains a remote code execution (RCE) issue via the mainOutput function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...

CVSS 8.8 · AI score 7.3 · EPSS 0.00534
Exploits 1 · References 5
Debian CVE
added 2025/05/01 2:09 p.m. · 15 views

CVE-2022-49772

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON from snd_usbmidi_output_open. snd_usbmidi_output_open has a check of the NULL port with snd_BUG_ON. snd_BUG_ON was used as this shouldn't have happened, but in reality, the NULL port may be seen when the devic...

CVSS 5.5 · AI score 5.6 · EPSS 0.00051
Exploits 0
VulnCheck KEV
added 2024/09/18 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon...

CVSS 9.8 · AI score 6.8 · EPSS 0.93462
Exploits 5 · References 1
Microsoft CVE
added 2024/08/16 7:00 a.m. · 3 views

ipv6: prevent NULL dereference in ip6_output()

...

CVSS 5.5 · AI score 7.3 · EPSS 0.0001
Exploits 0
F5 Networks
added 2023/02/21 7:00 p.m. · 43 views

K71581599: libgd vulnerability CVE-2016-6161

Security Advisory Description: The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image (CVE-2016-6161). Impact: When using PHP to generate GIF images, it is possible for a specially crafted GD2...

CVSS 6.5 · AI score 6.8 · EPSS 0.00647
Exploits 0 · Affected Software 1
OSV
added 2022/12/13 7:15 p.m. · 3 views

CVE-2022-45005

IP-COM EW9 V15.11.0.149732 was discovered to contain a command injection vulnerability in the cmd_get_ping_output function...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2022/12/13 12:00 a.m. · 7 views

CVE-2022-45005

IP-COM EW9 V15.11.0.149732 was discovered to contain a command injection vulnerability in the cmd_get_ping_output function...

AI score 8.1 · EPSS 0.04099
Exploits 1 · References 1
CNNVD
added 2022/12/13 12:00 a.m. · 2 views

IP-COM EW9 Operating System Command Injection Vulnerability

The IP-COM EW9 is a wireless router from IP-COM. An operating system command injection vulnerability exists in the IP-COM EW9 version V15.11.0.149732, which stems from a command injection vulnerability in the cmd_get_ping_output function...

CVSS 9.8 · AI score 8.4 · EPSS 0.04099
Exploits 1 · References 2
OSV
added 2022/04/25 3:15 p.m. · 1 views

DEBIAN-CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

CVSS 9.8 · AI score 7.1 · EPSS 0.93462
Exploits 5 · References 1
ATTACKERKB
added 2022/04/25 3:15 p.m. · 0 views

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

CVSS 9.8 · AI score 6.9 · EPSS 0.93462
Exploits 5 · References 5
OSV
added 2022/04/25 3:15 p.m. · 0 views

UBUNTU-CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

CVSS 9.8 · AI score 6.8 · EPSS 0.93462
Exploits 5 · References 4
CNNVD
added 2022/04/25 12:00 a.m. · 1 views

Github ejs Code Injection Vulnerability

Github ejs is an embedded JavaScript template. A code injection vulnerability exists in ejs version 3.1.6, which stems from server-side template injection being possible in settings[view options][outputFunctionName]. This is parsed as an internal option and the outputFunctionName option is overridden...

CVSS 9.8 · AI score 7.3 · EPSS 0.93462
Exploits 5 · References 9
Positive Technologies
added 2022/04/25 12:00 a.m. · 3 views

PT-2022-3563

Name of the Vulnerable Software and Affected Versions: ejs versions 3.1.6. Description: The issue is related to the ejs package for Node.js, which allows server-side template injection in settings[view options][outputFunctionName]. This can be parsed as an internal option and overwrites the...

CVSS 10 · AI score 7 · EPSS 0.93462
Exploits 5 · References 24
Tenable Nessus
added 2020/04/16 12:00 a.m. · 34 views

EulerOS Virtualization 3.0.2.2 : gd (EulerOS-SA-2020-1464)

According to the versions of the gd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via...

CVSS 7.8 · AI score 7.3 · EPSS 0.007
Exploits 0 · References 5
RedHat Linux
added 2005/11/02 12:59 p.m. · 0 views

security flaw

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username...

CVSS 7.5 · AI score 6.4 · EPSS 0.04852
Exploits 0 · References 4
Packet Storm
added 2000/12/03 12:00 a.m. · 26 views

cgiforum-1.0.txt

Hi, Date: 2000/11/20 Affected Application: CGIForum 1.0 http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz Markus Triska CGIForum is a free forum. We can set 'thesection' parameter to view files on the vulnerable system with privileges of the user "nobody". This is caused from...

AI score 7.4
Exploits 0