23 matches found
Unity Linux 20.1060e / 20.1070e Security Update: exiv2 (UTSA-2026-017642)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017642 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2...
CVE-2023-34090
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...
go-libp2p Resource Management Error Vulnerability
go-libp2p is the libp2p implementation in Go. A resource management error vulnerability exists in go-libp2p 0.27.3 and earlier versions, which stems from a vulnerability that allows an attacker to store an arbitrary amount of data in a remote node's memory using signed peer records...
Design/Logic Flaw
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...
CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...
PT-2023-23967 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7; Decidim versions prior to 0.27.3. Description: The external link feature in Decidim is susceptible to cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...
PT-2023-24662 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7; Decidim versions prior to 0.27.3. Description: The processes filter feature in Decidim is susceptible to Cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...
SUSE CVE-2021-29463
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...
PT-2022-24241 · Hashicorp · Hashicorp Consul Template
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul Template versions 0.27.2 and earlier, 0.28.2 and earlier, 0.29.1 and earlier. Description: The issue concerns the potential exposure of Vault secrets in error messages returned by the template.Template.Execute method when a...
Exiv2 Heap Buffer Overflow Vulnerability (CNVD-2021-62190)
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. jp2image.cpp in Exiv2 version 0.27.3 is vulnerable to a heap buffer overflow. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...
Exiv2 Input Validation Error Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability exists in CrwMap::encode0x1810 in Exiv2 version 0.27.3. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...
DEBIAN-CVE-2021-29464
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...
Exiv2 Buffer Error Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An out-of-bounds read vulnerability exists in Exiv2 0.27.3 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service via specially crafted image files...
Exiv2 Buffer Error Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An out-of-bounds read vulnerability exists in Exiv2 0.27.3 and earlier versions. An attacker can exploit this vulnerability to cause Exiv2 to crash via specially crafted image files...
PT-2021-8244 · Exiv2 +8 · Exiv2 +8
Name of the Vulnerable Software and Affected Versions: Exiv2 versions v0.27.3 and earlier. Description: A heap buffer overflow was found in Exiv2 when used to write metadata into a crafted image file. This could potentially allow an attacker to gain code execution if they can trick the victim into...
DEBIAN-CVE-2021-29458
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...
Andreas Huggel Exiv2 Security Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. Exiv2 0.27.3 and earlier versions suffer from a heap buffer overflow vulnerability when writing metadata to specially crafted image files. An attacker could exploit this vulnerability to execute code via a...
Andreas Huggel Exiv2 Buffer Error Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. Exiv2 0.27.3 and earlier versions have an out-of-bounds read vulnerability when writing metadata to specially crafted image files. An attacker could exploit this vulnerability via a specially crafted image...
PT-2021-4564 · Exiv2 +10 · Exiv2 +10
Name of the Vulnerable Software and Affected Versions: Exiv2 versions v0.27.3 and earlier. Description: A heap buffer overflow was found in Exiv2 when used to write metadata into a crafted image file. This could potentially allow an attacker to gain code execution if they can trick the victim into...
libgit2 Denial of Service Vulnerability (CNVD-2018-20567)
libgit2 is a portable, C implementation of the Git core development kit. A security vulnerability exists in libgit2 versions prior to 0.27.3, which stems from a lack of security detection in the 'gitdeltaapply' function of the delta.c file. An attacker can exploit this vulnerability to cause a...