Lucene search
+L

12 matches found

OSV
OSV
added 2026/07/08 11:34 a.m.7 views

BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS5.9AI score0.00364EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly ...

7.5CVSS6.4AI score0.00354EPSS
Exploits1References4
EUVD
EUVD
added 2026/07/06 6:52 p.m.6 views

EUVD-2026-41902

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:52 p.m.5 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/10 6:15 a.m.6 views

UBUNTU-CVE-2026-22693

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

5.3CVSS5.8AI score0.00377EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

HarfBuzz 安全漏洞

HarfBuzz is HarfBuzz open source a text engine for OpenType fonts. HarfBuzz version before 12.3.0 has a security vulnerability , the vulnerability stems from the SubtableUnicodesCache::create function does not check the hbmalloc return value , which may lead to null pointer dereferencing and...

5.3CVSS6.4AI score0.00377EPSS
Exploits1References4
OSV
OSV
added 2020/10/21 3:15 p.m.8 views

CVE-2020-14887

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

6.5CVSS6.9AI score0.01526EPSS
Exploits0References1
OSV
OSV
added 2020/07/15 8:15 p.m.6 views

CVE-2020-14064

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts...

6.5CVSS5.8AI score0.00969EPSS
Exploits0References2
OSV
OSV
added 2018/07/18 1:29 p.m.3 views

CVE-2018-3029

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

5.3CVSS7.3AI score0.0211EPSS
Exploits0References3
OSV
OSV
added 2018/07/18 1:29 p.m.5 views

CVE-2018-3038

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications subcomponent: Core module. Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

5.3CVSS7.3AI score0.02066EPSS
Exploits0References3
OSV
OSV
added 2018/01/18 2:29 a.m.3 views

CVE-2018-2707

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications subcomponent: Core module. Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

8.1CVSS5.8AI score0.01618EPSS
Exploits0References3
OSV
OSV
added 2018/01/18 2:29 a.m.6 views

CVE-2018-2708

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications subcomponent: Payments Core. Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise...

5.3CVSS7.3AI score0.01169EPSS
Exploits0References3
Rows per page
Query Builder